I believe I just discovered a novel technique to get ChatGPT to create Ransomware, Keyloggers, and more. This bypasses the "I'm sorry, I cannot assist" response completely for writing malicious applications. More details in the thread.

If you missed it yesterday, Microsoft released an advisory concerning the CVE-2023-36884: msrc.microsoft.com/update-guide/v…. This RCE is currently used by a TA and there is no patch. You should apply the mitigation described in the advisory. 1/4

We're very excited to be one of the launch partners for Meta's Llama 2 🦙! We got to test Llama 2 in advance and were very impressed. The new version also has a much more permissive license. We've set everything up so you can run it on Databricks today. sprou.tt/1jAGDwOR7kX

Lol someone on reddit made a post about a made up feature introduced in WoW so that a news site using AI-driven scraping bots published an article about it and it worked

The OSS-Fuzz team has been very busy the past few months in leveraging LLMs for fuzzing harness generation. See our initial results here! google.github.io/oss-fuzz/resea…

🚨 DPRK 🇰🇵 campaign against security researchers - new from Google TAGs Maddie Stone clem1 Adam on new 0day ITW and potential infection through a tool aimed at helping the research community. as wu said protect ya neck kids 🦇 blog.google/threat-analysi…

Prompt-Visual Injection is the new kid in town! 😈🛡

Web Security vs. Binary Exploitation

The way Kaspersky wrote this, it's an interesting case study of defenders working out how to capture a zero-click exploit. I especially like that Kaspersky said what they tried that *didn’t work*, in addition to what did ultimately work. Let’s dive in with a thread!

100%. Every security researcher should learn to code. It helps to understand how hard something is to fix. Security and engineering can partner better, get rid of classes of issues or lower the chances of common mistakes.

The founders of Databricks put together this strategy blog on where we think data platforms are headed in the future. We're moving Databricks quickly in this direction. This is very exciting and is the outcome of the MosaicML acquisition we did earlier this year!

As good a time to say this as any: if you’re on the AI research job market, Databricks is hiring, with the mission to democratize AI. We power amazing customer use cases and we publish. Check databricks.com/company/careers or reach out.

The fact that they developed a complete zero-click to kernel chain, JUST to then force the device to open a web page to trigger the "real" chain, is the most bureaucratic exploit I can imagine 🙈 koeln.ftp.media.ccc.de/congress/2023/…

Write up of the HVCI bypass vuln (CVE-2024-21305) with Andrea Allievi ! tandasat.github.io/blog/2024/01/1…

Today we released an open source model, DBRX, that beats all previous open source models on the standard benchmarks. The model itself is a Mixture of Experts (MoE), that's roughly twice the brains (132B) but half the cost (36B) of Llama2-70B. Making it both smart and cheap. Since

I hacked Microsoft's AI bot for healthcare on a Friday night Within hours I could access data of multiple healthcare organizations, but it didn't stop there Microsoft fixed the issue, and then I did it again, and again, and again.. Here's the story of Lethal Injection: 💉

There may never have been a day as big as today for indie games. On the back of mass layoffs of major AAA studios, today more high-profile and under-the-radar gems are releasing on May 9th than any other day in recent memory. They need your support. Here's a thread of 'em! 🧵

Serverless compute is now GA! ✅ Focus on writing code while we handle the rest. Enjoy fully managed compute infrastructure with fast workload startup, high reliability, and simple operation. Learn more about our latest updates: bit.ly/3zPsCXp

Blog post about a bunch of bugs we reported over the last couple of years -- databricks.com/blog/open-sour…

The #HEXACON2024 talks have started to trickle in on YouTube, go check them out 🔥: youtube.com/playlist?list=…