Microsoft has patched an indirect prompt injection flaw in Microsoft 365 Copilot that could have allowed attackers to steal sensitive data using clickable Mermaid diagrams. According to findings published by security researcher Adam Logue, the exploit could be triggered through specially crafted Office documents containing hidden instructions. When processed by Copilot, these prompts caused the…
Category: Generative AI, Security, Vulnerabilities
Exploits, Generative AI, Security, Vulnerabilities, Global Security News
Microsoft’s AI tool catches critical GRUB2, U-boot bootloader flaws
Microsoft’s Threat Intelligence team has leveraged its AI-driven Security Copilot tool to identify 20 critical vulnerabilities in widely used open-source bootloaders — GRUB2, U-Boot, and Barebox. These bootloaders are crucial for initializing operating systems, particularly in Linux-based environments and embedded systems. The newly discovered flaws affect systems utilizing Unified Extensible Firmware Interface (UEFI) Secure Boot,…
Exploits, Generative AI, Security, Vulnerabilities, Global Security News
A pickle in Meta’s LLM code could allow RCE attacks
Meta’s large language model (LLM) framework, Llama, suffers a typical open-source coding oversight, potentially allowing arbitrary code execution on servers leading to resource theft, data breaches, and AI model takeover. The flaw, tracked as CVE-2024-50050, is a critical deserialization bug belonging to a class of vulnerabilities arising from the improper use of the open-source library…