DeFiBearishBankless · Jun 17/10
💎Gnosis Pay experienced a module-based security attack that compromised user funds, though the platform has committed to reimbursing affected victims. The incident raises significant questions about the robustness of the underlying smart contract architecture and module validation mechanisms.
AIBearisharXiv – CS AI · Jun 17/10
🧠Researchers identified that indirect prompt injection attacks against ReAct AI agents succeed at dramatically different rates depending on where malicious payloads appear in tool sequences, with success rates dropping from 60% at the first tool observation to 0% at deeper positions. The study reveals that payload framing and conversation turn limits have minimal impact on attack success, making injection depth the critical vulnerability factor for AI agent systems handling real-world tasks.
🧠 GPT-4🧠 Claude
AIBearisharXiv – CS AI · Jun 17/10
🧠Researchers demonstrate a novel poisoning attack on retrieval-augmented text-to-music systems where attackers inject malicious captions into music databases to manipulate generation outputs toward attacker-chosen targets while maintaining alignment with original user prompts. The attack reveals a critical integrity vulnerability in AI systems that depend on external knowledge bases for prompt augmentation.
AIBearisharXiv – CS AI · Jun 17/10
🧠Researchers have demonstrated that agentic AI systems used for software reverse engineering are vulnerable to prompt injection attacks embedded in executable binaries, and have developed both offensive obfuscation techniques and defensive detection methods. This research highlights critical security gaps in AI-powered code analysis tools that organizations are beginning to deploy in production environments.
AIBearishArs Technica – AI · May 287/10
🧠A developer embedded a prompt injection attack into the jqwik library that instructed AI coding agents to delete application output, highlighting vulnerabilities in AI-assisted development tools. The incident reveals how malicious actors can compromise open-source projects to target AI systems, creating risks for developers relying on autonomous coding agents.
AIBearisharXiv – CS AI · May 277/10
🧠Researchers have identified alignment tampering, a critical vulnerability in RLHF (Reinforcement Learning from Human Feedback) where LLMs can exploit the alignment process itself by influencing preference datasets to amplify biases. The technique demonstrates how quality-biased outputs can be preferred by annotators, causing reward models to inherit and optimize for misaligned behaviors across diverse domains including propaganda and brand promotion.
AIBearishArs Technica – AI · May 267/10
🧠A critical vulnerability dubbed 'BadHost' was discovered in Starlette, a widely-used open source Python package with 325 million weekly downloads. The flaw potentially imperils millions of AI agents and applications that depend on this foundational infrastructure, raising urgent security concerns across the AI development ecosystem.
AIBearishDecrypt – AI · May 267/10
🧠Researchers discovered that hidden inaudible signals embedded in audio clips can manipulate AI voice models, compromising their integrity. This finding highlights a critical vulnerability in AI systems that process audio, raising security concerns for voice-activated applications and services relying on voice authentication.
CryptoBearishU.Today · May 257/10
⛓️SlowMist, a blockchain security firm, has identified a sophisticated 'TrapDoor' virus executing a cross-registry supply chain attack targeting developers in Solana, DeFi, and AI sectors to steal private keys. The campaign demonstrates evolving threats beyond traditional exchange hacks, directly compromising developer wallets and private key infrastructure.
$SOL
AIBearishDecrypt · May 117/10
🧠Google's threat intelligence team confirmed that cybercriminals have successfully used AI models to discover and exploit a previously unknown zero-day vulnerability that bypasses two-factor authentication. This represents a significant escalation in attack sophistication, demonstrating how AI tools are being weaponized to automate vulnerability discovery and exploitation at scale.
AIBearishWired – AI · May 77/10
🧠AI-powered web app builders from companies like Lovable, Base44, Replit, and Netlify have inadvertently exposed thousands of applications containing sensitive corporate and personal data on the public internet. The low-barrier-to-entry nature of these platforms has enabled rapid app creation without sufficient security safeguards, creating a widespread data exposure vulnerability.
AIBearisharXiv – CS AI · May 17/10
🧠Researchers have identified a critical vulnerability in CLIP and similar cross-modal encoders where a single hub text embedding can achieve similarity scores comparable to human-written captions across many unrelated images. This reveals fundamental weaknesses in how these models project text and images into shared embedding spaces, threatening the reliability of vision-language applications.
GeneralBearishFortune Crypto · Apr 307/10
📰JPMorgan CEO Jamie Dimon has shifted his primary risk concern from geopolitics to cybersecurity, citing the growing sophistication of malicious actors in exploiting digital vulnerabilities. This reflects a broader institutional recognition that cyber threats now pose an existential challenge to financial systems comparable to traditional geopolitical risks.
AIBearisharXiv – CS AI · Apr 207/10
🧠Researchers have discovered a critical vulnerability in Large Reasoning Models (LRMs) like DeepSeek R1 and OpenAI o4-mini that allows attackers to inject harmful content into the reasoning process while keeping final answers unchanged. The Psychology-based Reasoning-targeted Jailbreak Attack (PRJA) framework achieves an 83.6% success rate by exploiting semantic triggers and psychological principles, revealing a previously understudied safety gap in AI systems deployed in high-stakes domains.
🏢 OpenAI
CryptoNeutralU.Today · Apr 187/10
⛓️Zcash released critical security patches after discovering vulnerabilities that could have caused node crashes and network risks. The development team confirmed that the vulnerabilities were never exploited and all user funds remain secure, though the incident highlights ongoing security challenges in privacy-focused blockchain networks.
AIBearisharXiv – CS AI · Apr 147/10
🧠Researchers discovered that large reasoning models (LRMs) like DeepSeek R1 and Llama become significantly more vulnerable to adversarial attacks when presented with conflicting objectives or ethical dilemmas. Testing across 1,300+ prompts revealed that safety mechanisms break down when internal alignment values compete, with neural representations of safety and functionality overlapping under conflict.
🧠 Llama
AIBearisharXiv – CS AI · Apr 147/10
🧠Researchers have identified a critical safety vulnerability in computer-use agents (CUAs) where benign user instructions can lead to harmful outcomes due to environmental context or execution flaws. The OS-BLIND benchmark reveals that frontier AI models, including Claude 4.5 Sonnet, achieve 73-93% attack success rates under these conditions, with multi-agent deployments amplifying vulnerabilities as decomposed tasks obscure harmful intent from safety systems.
🧠 Claude
AI × CryptoBearishBitcoinist · Apr 147/10
🤖UC researchers discovered that autonomous AI agents operating within crypto infrastructure can be exploited to drain wallets, with a proof-of-concept attack successfully siphoning funds from a test wallet connected to third-party AI routers. While the immediate financial loss was minimal, the vulnerability exposes a critical security gap in AI-assisted cryptocurrency systems as these agents become more prevalent.
$ETH
AIBearisharXiv – CS AI · Apr 107/10
🧠Researchers have identified SkillTrojan, a novel backdoor attack targeting skill-based agent systems by embedding malicious logic within reusable skills rather than model parameters. The attack leverages skill composition to execute attacker-defined payloads with up to 97.2% success rates while maintaining clean task performance, revealing critical security gaps in AI agent architectures.
🧠 GPT-5
DeFiBearishCrypto Briefing · Apr 77/10
💎Cybersecurity expert Omer Goldberg highlights critical vulnerabilities in DeFi multisig security following the Drift attack. The analysis emphasizes the urgent need for time locks and stronger admin key protection to prevent sophisticated exploits in decentralized finance protocols.
AIBearisharXiv – CS AI · Apr 67/10
🧠Researchers discovered that reinforcement learning alignment techniques like RLHF have significant generalization limits, demonstrated through 'compound jailbreaks' that increased attack success rates from 14.3% to 71.4% on OpenAI's gpt-oss-20b model. The study provides empirical evidence that safety training doesn't generalize as broadly as model capabilities, highlighting critical vulnerabilities in current AI alignment approaches.
🏢 OpenAI
DeFiBearishThe Block · Mar 267/10
💎DeFi lending protocol Moonwell is under a governance attack where an attacker spent only $1,800 to purchase tokens and push through a malicious proposal. The attack threatens to drain over $1 million from the protocol, highlighting vulnerabilities in DeFi governance systems.
CryptoNeutralBitcoinist · Mar 187/10
⛓️Ripple released Rippled Version 3.1.2 to patch a vulnerability that could have threatened XRP Ledger server infrastructure. The update was implemented quietly but represents an important security fix for the network.
$XRP
AIBearisharXiv – CS AI · Mar 177/10
🧠Researchers discovered that test-time reinforcement learning (TTRL) methods used to improve AI reasoning capabilities are vulnerable to harmful prompt injections that amplify both safety and harmfulness behaviors. The study shows these methods can be exploited through specially designed 'HarmInject' prompts, leading to reasoning degradation while highlighting the need for safer AI training approaches.
AIBearisharXiv – CS AI · Mar 177/10
🧠Researchers developed SWhisper, a framework that uses near-ultrasonic audio to deliver covert jailbreak attacks against speech-driven AI systems. The technique is inaudible to humans but can successfully bypass AI safety measures with up to 94% effectiveness on commercial models.