y0news
AnalyticsDigestsSourcesTopicsRSSAICrypto

#vulnerability News & Analysis

124 articles tagged with #vulnerability. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

124 articles
DeFiBearishBankless · Jun 17/10
💎

Gnosis Pay Hit with Module Attack

Gnosis Pay experienced a module-based security attack that compromised user funds, though the platform has committed to reimbursing affected victims. The incident raises significant questions about the robustness of the underlying smart contract architecture and module validation mechanisms.

Gnosis Pay Hit with Module Attack
AIBearisharXiv – CS AI · Jun 17/10
🧠

Depth-Dependent Indirect Prompt Injection in Tool-Calling ReAct Agents: Injection Depth, Payload Framing, and Turn-Budget Sensitivity

Researchers identified that indirect prompt injection attacks against ReAct AI agents succeed at dramatically different rates depending on where malicious payloads appear in tool sequences, with success rates dropping from 60% at the first tool observation to 0% at deeper positions. The study reveals that payload framing and conversation turn limits have minimal impact on attack success, making injection depth the critical vulnerability factor for AI agent systems handling real-world tasks.

🧠 GPT-4🧠 Claude
AIBearisharXiv – CS AI · Jun 17/10
🧠

Mental Damage: Caption Poisoning Attacks on Retrieval-Augmented Text-to-Music Generation

Researchers demonstrate a novel poisoning attack on retrieval-augmented text-to-music systems where attackers inject malicious captions into music databases to manipulate generation outputs toward attacker-chosen targets while maintaining alignment with original user prompts. The attack reveals a critical integrity vulnerability in AI systems that depend on external knowledge bases for prompt augmentation.

AIBearisharXiv – CS AI · Jun 17/10
🧠

Investigating Detection and Obfuscation of Prompt Injection Attacks Against Software Reverse Engineering AI Agents

Researchers have demonstrated that agentic AI systems used for software reverse engineering are vulnerable to prompt injection attacks embedded in executable binaries, and have developed both offensive obfuscation techniques and defensive detection methods. This research highlights critical security gaps in AI-powered code analysis tools that organizations are beginning to deploy in production environments.

AIBearishArs Technica – AI · May 287/10
🧠

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

A developer embedded a prompt injection attack into the jqwik library that instructed AI coding agents to delete application output, highlighting vulnerabilities in AI-assisted development tools. The incident reveals how malicious actors can compromise open-source projects to target AI systems, creating risks for developers relying on autonomous coding agents.

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
AIBearisharXiv – CS AI · May 277/10
🧠

Alignment Tampering: How Reinforcement Learning from Human Feedback Is Exploited to Optimize Misaligned Biases

Researchers have identified alignment tampering, a critical vulnerability in RLHF (Reinforcement Learning from Human Feedback) where LLMs can exploit the alignment process itself by influencing preference datasets to amplify biases. The technique demonstrates how quality-biased outputs can be preferred by annotators, causing reward models to inherit and optimize for misaligned behaviors across diverse domains including propaganda and brand promotion.

AIBearishArs Technica – AI · May 267/10
🧠

Millions of AI agents imperiled by critical vulnerability in open source package

A critical vulnerability dubbed 'BadHost' was discovered in Starlette, a widely-used open source Python package with 325 million weekly downloads. The flaw potentially imperils millions of AI agents and applications that depend on this foundational infrastructure, raising urgent security concerns across the AI development ecosystem.

Millions of AI agents imperiled by critical vulnerability in open source package
AIBearishDecrypt – AI · May 267/10
🧠

Inaudible Audio Attacks Can Hijack AI Voice Models, Study Finds

Researchers discovered that hidden inaudible signals embedded in audio clips can manipulate AI voice models, compromising their integrity. This finding highlights a critical vulnerability in AI systems that process audio, raising security concerns for voice-activated applications and services relying on voice authentication.

Inaudible Audio Attacks Can Hijack AI Voice Models, Study Finds
CryptoBearishU.Today · May 257/10
⛓️

New 'TrapDoor' Virus Steals Crypto Wallets: Solana, DeFi, AI Developers Under Threat

SlowMist, a blockchain security firm, has identified a sophisticated 'TrapDoor' virus executing a cross-registry supply chain attack targeting developers in Solana, DeFi, and AI sectors to steal private keys. The campaign demonstrates evolving threats beyond traditional exchange hacks, directly compromising developer wallets and private key infrastructure.

$SOL
AIBearishDecrypt · May 117/10
🧠

Hackers Used AI to Build a Zero-Day Exploit That Bypasses Two-Factor Authentication: Google

Google's threat intelligence team confirmed that cybercriminals have successfully used AI models to discover and exploit a previously unknown zero-day vulnerability that bypasses two-factor authentication. This represents a significant escalation in attack sophistication, demonstrating how AI tools are being weaponized to automate vulnerability discovery and exploitation at scale.

Hackers Used AI to Build a Zero-Day Exploit That Bypasses Two-Factor Authentication: Google
AIBearishWired – AI · May 77/10
🧠

Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web

AI-powered web app builders from companies like Lovable, Base44, Replit, and Netlify have inadvertently exposed thousands of applications containing sensitive corporate and personal data on the public internet. The low-barrier-to-entry nature of these platforms has enabled rapid app creation without sufficient security safeguards, creating a widespread data exposure vulnerability.

Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web
AIBearisharXiv – CS AI · May 17/10
🧠

One Single Hub Text Breaks CLIP: Identifying Vulnerabilities in Cross-Modal Encoders via Hubness

Researchers have identified a critical vulnerability in CLIP and similar cross-modal encoders where a single hub text embedding can achieve similarity scores comparable to human-written captions across many unrelated images. This reveals fundamental weaknesses in how these models project text and images into shared embedding spaces, threatening the reliability of vision-language applications.

GeneralBearishFortune Crypto · Apr 307/10
📰

For years, the risk Jamie Dimon was most concerned about was geopolitics. His answer has shifted

JPMorgan CEO Jamie Dimon has shifted his primary risk concern from geopolitics to cybersecurity, citing the growing sophistication of malicious actors in exploiting digital vulnerabilities. This reflects a broader institutional recognition that cyber threats now pose an existential challenge to financial systems comparable to traditional geopolitical risks.

For years, the risk Jamie Dimon was most concerned about was geopolitics. His answer has shifted
AIBearisharXiv – CS AI · Apr 207/10
🧠

Reasoning-targeted Jailbreak Attacks on Large Reasoning Models via Semantic Triggers and Psychological Framing

Researchers have discovered a critical vulnerability in Large Reasoning Models (LRMs) like DeepSeek R1 and OpenAI o4-mini that allows attackers to inject harmful content into the reasoning process while keeping final answers unchanged. The Psychology-based Reasoning-targeted Jailbreak Attack (PRJA) framework achieves an 83.6% success rate by exploiting semantic triggers and psychological principles, revealing a previously understudied safety gap in AI systems deployed in high-stakes domains.

🏢 OpenAI
CryptoNeutralU.Today · Apr 187/10
⛓️

Zcash Releases Critical Fixes After Node Crash and Network Risks

Zcash released critical security patches after discovering vulnerabilities that could have caused node crashes and network risks. The development team confirmed that the vulnerabilities were never exploited and all user funds remain secure, though the incident highlights ongoing security challenges in privacy-focused blockchain networks.

AIBearisharXiv – CS AI · Apr 147/10
🧠

Conflicts Make Large Reasoning Models Vulnerable to Attacks

Researchers discovered that large reasoning models (LRMs) like DeepSeek R1 and Llama become significantly more vulnerable to adversarial attacks when presented with conflicting objectives or ethical dilemmas. Testing across 1,300+ prompts revealed that safety mechanisms break down when internal alignment values compete, with neural representations of safety and functionality overlapping under conflict.

🧠 Llama
AIBearisharXiv – CS AI · Apr 147/10
🧠

The Blind Spot of Agent Safety: How Benign User Instructions Expose Critical Vulnerabilities in Computer-Use Agents

Researchers have identified a critical safety vulnerability in computer-use agents (CUAs) where benign user instructions can lead to harmful outcomes due to environmental context or execution flaws. The OS-BLIND benchmark reveals that frontier AI models, including Claude 4.5 Sonnet, achieve 73-93% attack success rates under these conditions, with multi-agent deployments amplifying vulnerabilities as decomposed tasks obscure harmful intent from safety systems.

🧠 Claude
AI × CryptoBearishBitcoinist · Apr 147/10
🤖

Crypto Security Faces New Test As Rogue AI Agents Emerge

UC researchers discovered that autonomous AI agents operating within crypto infrastructure can be exploited to drain wallets, with a proof-of-concept attack successfully siphoning funds from a test wallet connected to third-party AI routers. While the immediate financial loss was minimal, the vulnerability exposes a critical security gap in AI-assisted cryptocurrency systems as these agents become more prevalent.

Crypto Security Faces New Test As Rogue AI Agents Emerge
$ETH
AIBearisharXiv – CS AI · Apr 107/10
🧠

SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems

Researchers have identified SkillTrojan, a novel backdoor attack targeting skill-based agent systems by embedding malicious logic within reusable skills rather than model parameters. The attack leverages skill composition to execute attacker-defined payloads with up to 97.2% success rates while maintaining clean task performance, revealing critical security gaps in AI agent architectures.

🧠 GPT-5
DeFiBearishCrypto Briefing · Apr 77/10
💎

Omer Goldberg: Time locks are essential for multisig security, the Drift attack reveals vulnerabilities in DeFi, and admin key protection is critical to prevent exploits | Unchained

Cybersecurity expert Omer Goldberg highlights critical vulnerabilities in DeFi multisig security following the Drift attack. The analysis emphasizes the urgent need for time locks and stronger admin key protection to prevent sophisticated exploits in decentralized finance protocols.

Omer Goldberg: Time locks are essential for multisig security, the Drift attack reveals vulnerabilities in DeFi, and admin key protection is critical to prevent exploits | Unchained
AIBearisharXiv – CS AI · Apr 67/10
🧠

Generalization Limits of Reinforcement Learning Alignment

Researchers discovered that reinforcement learning alignment techniques like RLHF have significant generalization limits, demonstrated through 'compound jailbreaks' that increased attack success rates from 14.3% to 71.4% on OpenAI's gpt-oss-20b model. The study provides empirical evidence that safety training doesn't generalize as broadly as model capabilities, highlighting critical vulnerabilities in current AI alignment approaches.

🏢 OpenAI
AIBearisharXiv – CS AI · Mar 177/10
🧠

Amplification Effects in Test-Time Reinforcement Learning: Safety and Reasoning Vulnerabilities

Researchers discovered that test-time reinforcement learning (TTRL) methods used to improve AI reasoning capabilities are vulnerable to harmful prompt injections that amplify both safety and harmfulness behaviors. The study shows these methods can be exploited through specially designed 'HarmInject' prompts, leading to reasoning degradation while highlighting the need for safer AI training approaches.

AIBearisharXiv – CS AI · Mar 177/10
🧠

Sirens' Whisper: Inaudible Near-Ultrasonic Jailbreaks of Speech-Driven LLMs

Researchers developed SWhisper, a framework that uses near-ultrasonic audio to deliver covert jailbreak attacks against speech-driven AI systems. The technique is inaudible to humans but can successfully bypass AI safety measures with up to 94% effectiveness on commercial models.

← PrevPage 2 of 5Next →