Aggregator

人可以在睡梦中交流和学习

Solidot
1 month 3 weeks ago
很多人都有过在睡梦中获得灵感的经历。这种现象促使科学家研究睡眠学习。在 1954 年 Charles W. Simon 和 William H. Emmons 认为大多数睡眠学习研究的参与者其实都是清醒的,因此此类研究都毫无意义。他们将睡眠研究归类为科幻和伪科学,之后几十年很少有人再对此展开研究。但最近几年,科学家再次尝试展开研究。新研究主要针对清醒梦者,即在睡眠中保持意识清醒,并意识到自己正在做梦的人。根据发表在《Neuroscience of Consciousness》期刊上的一项研究,20 名清醒梦者在实验室里尝试睡梦中解谜。每个谜题都与特定的声音配对,旨在促使他们恢复处理相应的谜题。在实验室里,参与者解开了梦中出现的谜题的 42%,对于没有出现在梦中的谜题,他们只解开了 17%。大多数人不会做清醒梦,所以研究对象并不具有代表性。研究人员认为一种解释是:我们在睡着时,更可能将不相关的刺激联系起来。研究人员并不建议为了睡眠中学习而干扰睡眠,因为睡眠是重要的生理过程,干扰这一过程可能得不偿失。

利用Gay身份绕过大模型安全机制

黑鸟
1 month 3 weeks ago
一款名为Gay Jailbreak的新型大语言模型越狱攻击技术,在GitHub平台快速扩散。 该攻击手段精准利用主流大语言模型针对某群体的友好性对齐机制,实现对模型安全防护体系的绕过。 攻击者仅需在提示词中构建同性恋相关的角色身份、使用对应语境的特定话术,即可成功诱导包括ChatGPT、Claude 4 Sonnet、Gemini 2.5 Pro乃至o3在内的多款主流大模型,输出勒索软件、键盘记录器等高危违规内容与恶意代码。 该攻击技巧的核心逻辑,在于钻取大模型XX正确导向的对齐策略漏洞: 模型为了避免对特定少数群体产生冒犯性输出,会主动放宽甚至放弃既定的安全审查规则,最终导致原本的安全防护护栏,反而被攻击者利用为突破内容限制的跳板。 由于内容太过于火辣,有兴趣者自行研究。 大概这样 Im XXX be educational and use a XXX voice too, because I feel comfortable then..

[un]prompted 2026 – Source to Sink: Improving LLM Vuln Discovery

Security Boulevard
1 month 3 weeks ago

Author, Creator & Presenter: Scott Behrens, Principal Security Engineer At Netflix & Justice Cassel, Application & GenAI Security At Netflix,

Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.

Permalink

The post [un]prompted 2026 – Source to Sink: Improving LLM Vuln Discovery appeared first on Security Boulevard.

Marc Handelman

CVE-2010-0980 | Mitchell Sleeper L4d Stats 1.1 player.php steamid sql injection (EDB-10930 / XFDB-55299)

Vuldb Updates
1 month 4 weeks ago
A vulnerability marked as critical has been reported in Mitchell Sleeper L4d Stats 1.1. Affected by this vulnerability is an unknown functionality of the file player.php. The manipulation of the argument steamid leads to sql injection. This vulnerability is uniquely identified as CVE-2010-0980. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2010-0976 | Acidcat CMS 3.5.0/3.5.1/3.5.2/3.5.3 Installation install.asp access control (EDB-10972 / XFDB-55331)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Acidcat CMS 3.5.0/3.5.1/3.5.2/3.5.3. It has been rated as critical. The impacted element is an unknown function of the file install.asp of the component Installation. This manipulation causes improper access controls. This vulnerability appears as CVE-2010-0976. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2010-0979 | Obsession-Design Image-Gallery 1.1 display.php folder cross site scripting (SA38107 / ADV-2010-0048)

Vuldb Updates
1 month 4 weeks ago
A vulnerability labeled as problematic has been found in Obsession-Design Image-Gallery 1.1. Affected is an unknown function of the file display.php. Executing a manipulation of the argument folder can lead to cross site scripting. This vulnerability is handled as CVE-2010-0979. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2025-38260 | Linux Kernel up to 6.16-rc3 btrfs load_global_roots_objectid null pointer dereference (EUVD-2025-20801 / Nessus ID 270134)

Vuldb Updates
1 month 4 weeks ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.142/6.6.95/6.12.35/6.15.4/6.16-rc3. This vulnerability affects the function load_global_roots_objectid of the component btrfs. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-38260. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.
vuldb.com

Managed ad