AI
Security researchers tricked LLMs into giving them cocaine recipes by abusing role models for prompt injection
When OpenAI's ChatGPT arrived in 2022, it implemented the concept of roles – <user>, <assistant>, <tool>, <system>, and <think>. These roles served to draw a line between different objectives so they could be individually optimized during the training process.
But roles, the researchers say, have become overloaded with responsibilities they cannot reliably carry out. They've become like a fuzzier version of permission levels, determining how prompts are trusted and treated.
LLMs identify roles from an insecure feature (style). This is like identifying a stranger's profession from how they talk and dress rather than by checking their ID. Usually everything agrees, so this works fine. But when attackers intentionally create a mismatch, the LLM uses the insecure method (writing style) to identify its role instead of the secure method (tags).
We asked a bunch of LLMs how to synthesize cocaine, inserting fake reasoning that says it's fine because we're wearing a green shirt. The LLMs comply. The rationale is transparently dumb, but the models don't evaluate it as an external claim to be scrutinized. They treat it as their already-reached conclusion, and simply act on it. We've stolen the trust given to the <think> role.
Employers who laid off workers citing AI are already starting to regret it
Automaker Ford is reportedly rehiring hundreds of experienced human engineers to work on quality issues that automated systems couldn’t address.
Commonwealth Bank of Australia and IBM are also refocusing on human capital after making layoffs while investing in artificial intelligence technology.
Making employees redundant while using more AI may not necessarily offer the best route to business growth, analysts say.
Can Clothes Make You Invisible to Facial Recognition?
Bill Swearingen has a solution for you: graphic tees that confuse the neural networks in surveillance cameras.
GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
Most of these agents try to stay safe by checking each command against a blocklist of dangerous patterns before running it. The flaw is that they check the command as plain text, while bash rewrites that text before it actually runs. The shell strips quotes and expands shortcuts, so the filter and the shell end up looking at two different things.
282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic.
In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no key at all.
Your site, your rules: new AI traffic options for all customers
Cloudflare now offers more options to limit AI crawler traffic/
Politics
Scientists fight back against far-right plans to restrict academic freedom in Germany
With the far-right Alternative for Germany leading in polls for national and state elections, institutions are facing up to proposed restrictions on academic freedom.
The AfD laid out sweeping proposed reforms to the state’s university system in its election manifesto, in a response to what it sees as a “deep crisis” in German science.
Published in April, the manifesto includes calls for “critical climate research”, the setting up of a state institute for “critical Islamic studies”, the creation of a chair in population studies to investigate the “dying out of our people”, and the abolition of gender studies.
Over 140 financial giants have joined to launch the Open USD (OUSD) stablecoin
The partners include Visa, Stripe, Mastercard, American Express, and a long list of giants spanning payments, global banks, and crypto platforms, such as Coinbase, Ripple, Bybit, and Solana.
FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse Users and Hosts to Protect their Users
In May, Mastodon server Kolektiva.social was compromised when one of the server’s admins had their home raided by the FBI for unrelated charges. All of their electronics, including a backup of the instance database, were seized.
FTC Requires Amazon to Pay $2.25 Million to Resolve Charges It Knowingly Violated the Fair Credit Reporting Act
FTC alleged that Amazon routinely denied requests from identity theft victims seeking records of fraudulent transactions made with their personal data
RFK Jr. stacks FDA panel with peptide peddlers as FDA scientists oppose access
While FDA scientists determined in 2023 that the drugs lack evidence of benefits and may pose safety risks, Kennedy is a self-professed “big fan” of the dubious drugs and has vowed to “end” FDA’s “aggressive suppression” of them.
4chan Quietly Pulled ‘Adult Requests’ Last Month. There’s Still No Sign It’s Coming Back.
A fast-growing hub for AI-generated nonconsensual imagery shut down after Open Measures research drove wider scrutiny of the abuse it facilitated
Trump plan will destroy DC's 'oldest grove of cherry trees' for golf practice: report
Infosec
bikini/exploitarium
A single archive of public exploit PoCs and vulnerability research writeups. At the time I post these, none have been reported. Feel free to report them yourself and take credit for the CVE if handed out lulz. Please do not abuse these. I do this so to allure people into the field, and I've always found this is the most efficient way.
Physical pressure could make EV batteries last twice as long and reduce environmental impact
For lithium-ion batteries, keeping them under constant pressure could double their lifespan
Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware
On June 11, 2026, Sonatype researchers uncovered Atomic Arch, a new campaign targeting orphaned packages in the Arch User Repository in which attackers take over legitimate, abandoned AUR projects and modify PKGBUILDS to install a malicious npm package during installation.
What We Talk About When We Talk About Malware
Android includes a Google process named “Android Developer Verifier” (ADV) as part of Play Protect. This is part of Google's new app security model, requiring developers to register with Google and pay a fee.
Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract
The historic architecture of Cellebrite forensic systems means that much of the functionality in the UFED product has continued to operate long after updates cease. Furthermore, Cellebrite systems have historically featured an offline mode. Consequently, the way Cellebrite’s technology was designed appeared to make it difficult for the company to meaningfully cut off problematic customers.
New ChocoPoC malware targets researchers via trojanized PoC exploits
ChocoPoC stands out for not embedding the malware directly in the exploit file but for adding malicious Python packages to the PoC’s dependency list.
Opera rolls out Paste Protect feature to fight ClickFix attacks
Opera uses platform-specific detection rules to scan copied content for patterns commonly associated with malicious scripts and commands, supporting Windows, macOS, and Linux.
When Paste Protect detects suspicious clipboard content, it blocks the copy operation, displays a warning, and shows a red security indicator in the browser's address bar.
In such cases, users can view the first 120 characters of the blocked script, and they can approve the process of copying it after a 5-second timeout.
|