Tag
In this whitepaper, the authors introduce the first model-stealing attack that extracts precise, nontrivial information from black-box production language models like OpenAI's ChatGPT or Google's PaLM-2. Specifically, their attack recovers the embedding projection layer (up to symmetries) of a transformer model, given typical API access. For under $20 USD, their attack extracts the entire projection matrix of OpenAI's ada and babbage language models. They thereby confirm, for the first time, that these black-box models have a hidden dimension of 1024 and 2048, respectively. They also recover the exact hidden dimension size of the gpt-3.5-turbo model, and estimate it would cost under $2,000 in queries to recover the entire projection matrix. They conclude with potential defenses and mitigations, and discuss the implications of possible future work that could extend this attack.
MetaFox versions 5.1.8 and below suffer from a remote shell upload vulnerability.
Ubuntu Security Notice 6692-1 - It was discovered that Gson incorrectly handled deserialization of untrusted input data. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Cisco Firepower Management Center suffers from an authenticated remote command execution vulnerability. Many versions spanning the 7.x.x.x and 6.x.x.x branches are affected.
Red Hat Security Advisory 2024-1304-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a memory exhaustion vulnerability.
VMware Cloud Director version 10.5 suffers from an authentication bypass vulnerability.
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.
Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Google Workspace as well as companies using the LLM API. The first vulnerability involves
By Waqas. Another day, another malware exploiting cloud services to steal sensitive data from unsuspecting Windows users. Read the original post on HackRead.com: New Vcurms Malware Targets Popular Browsers for Data Theft
A number of software brands are being impersonated with malicious ads and fake sites to distribute malware.