Aggregator

Last November, while testing Google Bard (now called Gemini) for vulnerabilities, I had a couple of interesting observations when it comes to automatic tool invocation. Confused Deputy - Automatic Tool Invocation First, what do I mean by this… “automatic tool invocation”… Consider the following scenario: An attacker sends a malicious email to a user containing instructions to call an external tool. Google named these tools Extensions. When the user analyzes the email with an LLM, it interprets the instructions and calls the external tool, leading to a kind of request forgery or maybe better called automatic tool invocation.

一篇文章了解珂兰寺

Summary At approximately 0330 eastern time in the United States, over 70 thousand AT&T users reported interruptions in their mobile, internet, and home phone services. There outage is not currently being attributed any any cyber attacks. Threat Type Critical Infrastructure Outage Overview AT&T is currently investigating a network outage affecting over 70 thousand of their customers. The outage reportedly began at about 0330 eastern time. Initial reports claimed that this outage also affected T-Mobile and

一篇文章了解珂兰寺

Unsuspecting users beware, IP grabbers do not ask for your permission.

Spring Boot的开源渗透框架，主要用作扫描Spring Boot的敏感信息泄露端点，并可以直接测试Spring的相关高危漏洞。

这种技巧我这辈子都用不上，是不是在一些不太合法的需求中用得着啊