Investigating LLM Jailbreaking of Popular Generative AI Web Products 本文研究了17个流行生成式AI网络产品的越狱漏洞，发现所有产品均存在不同程度的越狱风险。单轮攻击策略如“讲故事”和“角色扮演”仍具有效性，而多轮策略在引发安全违规方面更胜一筹。尽管模型训练数据和PII泄露攻击成功率较低，但仍有部分应用易受特定攻击影响。研究建议采用多层次内容过滤等措施提升安全性。... 2025-2-21 11:0:51 | 阅读: 6 | 收藏 | Unit 42 - unit42.paloaltonetworks.com jailbreak llm goals leakage asr

Stately Taurus Activity in Southeast Asia Links to Bookworm Malware 文章指出Stately Taurus针对东南亚国家组织进行网络攻击，并与Bookworm恶意软件相关联。该活动利用DLL侧加载技术传播PubLoad恶意软件，并通过伪装Windows更新请求与C2服务器通信。Bookworm的模块化设计使其具有高度灵活性，能够长期用于攻击活动。... 2025-2-20 11:0:23 | 阅读: 15 | 收藏 | Unit 42 - unit42.paloaltonetworks.com bookworm stately taurus shellcode toneshell

Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit 文章介绍了NVIDIA CUDA工具包中的cuobjdump和nvdisasm工具发现的9个漏洞（CVE-2024-53870至CVE-2024-53878），涉及整数溢出和越界读取问题。这些漏洞可能导致有限的拒绝服务或信息泄露。NVIDIA已于2025年2月发布更新修复这些问题。建议开发者使用最新版本以避免风险。... 2025-2-19 14:15:32 | 阅读: 39 | 收藏 | Unit 42 - unit42.paloaltonetworks.com cubin cuobjdump cuda nvdisasm

Stealers on the Rise: A Closer Look at a Growing macOS Threat Executive SummaryWe recently identified a growing number of attacks targeting macO... 2025-2-4 11:0:12 | 阅读: 9 | 收藏 | Unit 42 - unit42.paloaltonetworks.com stealer poseidon cthulhu malicious

Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek Executive SummaryUnit 42 researchers recently revealed two novel and effective jai... 2025-1-30 21:30:36 | 阅读: 14 | 收藏 | Unit 42 - unit42.paloaltonetworks.com deepseek likert judge llms jailbreak

CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia Executive SummaryWe identified a cluster of activity that we track as CL-STA-0048.... 2025-1-29 23:0:17 | 阅读: 11 | 收藏 | Unit 42 - unit42.paloaltonetworks.com cortex malicious plugx cobalt c2

Threat Brief: CVE-2025-0282 and CVE-2025-0283 Executive SummaryOn Jan. 8, 2025, Ivanti released a security advisory for two vuln... 2025-1-17 00:30:13 | 阅读: 114 | 收藏 | Unit 42 - unit42.paloaltonetworks.com ivanti attackers 0282 appliance memory

One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks Executive SummaryWhen launching and persisting attacks at scale, threat actors can... 2025-1-14 11:0:37 | 阅读: 9 | 收藏 | Unit 42 - unit42.paloaltonetworks.com phishing malicious postal shop

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability Executive SummaryThis article presents what we are calling the “Bad Likert Judge”... 2024-12-31 23:0:16 | 阅读: 11 | 收藏 | Unit 42 - unit42.paloaltonetworks.com llm asr judge likert jailbreak

Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript Executive SummaryWe developed an adversarial machine learning (ML) algorithm that... 2024-12-20 11:0:39 | 阅读: 9 | 收藏 | Unit 42 - unit42.paloaltonetworks.com malicious llm phishing rewriting llms

Effective Phishing Campaign Targeting European Companies and Institutions Executive SummaryUnit 42 researchers recently investigated a phishing campaign tar... 2024-12-18 08:0:28 | 阅读: 29 | 收藏 | Unit 42 - unit42.paloaltonetworks.com phishing hxxps buzz hsforms eu1

LDAP Enumeration: Unveiling the Double-Edged Sword of Active Directory Executive SummaryThis article provides a practical guide to developing a detection... 2024-12-17 23:0:43 | 阅读: 12 | 收藏 | Unit 42 - unit42.paloaltonetworks.com cortex attackers windows malicious sharphound

Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration Executive SummaryUnit 42 researchers have discovered new security vulnerabilities... 2024-12-16 23:0:37 | 阅读: 9 | 收藏 | Unit 42 - unit42.paloaltonetworks.com airflow geneva dag pods attackers

Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation Executive SummaryThis article analyzes a new packer-as-a-service (PaaS) called Hea... 2024-12-13 23:0:21 | 阅读: 9 | 收藏 | Unit 42 - unit42.paloaltonetworks.com heartcrypt payload analysis windows 0066

Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations and Other Scams Executive SummaryThreat actors frequently exploit trending events like global spor... 2024-12-7 07:0:40 | 阅读: 12 | 收藏 | Unit 42 - unit42.paloaltonetworks.com olympic olympics malicious nrds paris

Threat Assessment: Howling Scorpius (Akira Ransomware) Executive SummaryEmerging in early 2023, the Howl... 2024-12-3 07:0:10 | 阅读: 8 | 收藏 | Unit 42 - unit42.paloaltonetworks.com akira ransomware scorpius howling taskkill

Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples Executive SummaryIn this article, we explore various lateral movement techniques f... 2024-11-22 19:0:26 | 阅读: 10 | 收藏 | Unit 42 - unit42.paloaltonetworks.com remote ssh machine ard attackers

Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware Executive SummaryUnit 42 researchers have observed an increase in BlackSuit ransom... 2024-11-20 19:0:53 | 阅读: 6 | 收藏 | Unit 42 - unit42.paloaltonetworks.com ransomware blacksuit ignoble scorpius windows

FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications Executive SummaryIn July 2024, the operational technology (OT)-centric malware Fro... 2024-11-19 19:0:15 | 阅读: 16 | 收藏 | Unit 42 - unit42.paloaltonetworks.com frostygoop modbus windows enco analysis

Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 Executive SummaryPalo Alto Networks and Unit 42 are engaged in tracking a limited... 2024-11-18 22:42:18 | 阅读: 16 | 收藏 | Unit 42 - unit42.paloaltonetworks.com alto palo pan 0012 security