Embrace The Red
Wrap Up: The Month of AI Bugs
AgentHopper: An AI Virus
Windsurf MCP Integration: Missing Security Controls Put Users at Risk
Cline: Vulnerable To Data Exfiltration And How To Protect Your Data
AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection
How Prompt Injection Exposes Manus' VS Code Server to the Internet
How Deep Research Agents Can Leak Your Data
Sneaking Invisible Instructions by Developers in Windsurf
Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)
Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets
Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
Amazon Q Developer: Remote Code Execution with Prompt Injection
Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection
Data Exfiltration via Image Rendering Fixed in Amp Code
Amp Code: Invisible Prompt Injection Fixed by Sourcegraph
Google Jules is Vulnerable To Invisible Prompt Injection
Jules Zombie Agent: From Prompt Injection to Remote Control
Google Jules: Vulnerable to Multiple Data Exfiltration Issues
GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
Claude Code: Data Exfiltration with DNS (CVE-2025-55284)
ZombAI Exploit with OpenHands: Prompt Injection To Remote Code Execution
OpenHands and the Lethal Trifecta: How Prompt Injection Can Leak Access Tokens
AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection
How Devin AI Can Leak Your Secrets via Multiple Means
I Spent $500 To Test Devin AI For Prompt Injection So That You Don't Have To
Amp Code: Arbitrary Command Execution via Prompt Injection Fixed
Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)
Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation
Turning ChatGPT Codex Into A ZombAI Agent
Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection
The Month of AI Bugs 2025
Security Advisory: Anthropic's Slack MCP Server Vulnerable to Data Exfiltration
Hosting COM Servers with an MCP Server
AI ClickFix: Hijacking Computer-Use Agents Using ClickFix
How ChatGPT Remembers You: A Deep Dive into Its Memory and Chat History Features
MCP: Untrusted Servers and Confused Clients, Plus a Sneaky Exploit
GitHub Copilot Custom Instructions and Risks
Sneaky Bits: Advanced Data Smuggling Techniques (ASCII Smuggler Updates)
ChatGPT Operator: Prompt Injection Exploits & Defenses
Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation
AI Domination: Remote Controlling ChatGPT ZombAI Instances
Microsoft 365 Copilot Generated Images Accessible Without Authentication -- Fixed!
Trust No AI: Prompt Injection Along the CIA Security Triad Paper
Security ProbLLMs in xAI's Grok: A Deep Dive
Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection
DeepSeek AI: From Prompt Injection To Account Takeover
ZombAIs: From Prompt Injection to C2 with Claude Computer Use
Spyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware)
Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.
Protect Your Copilots: Preventing Data Leaks in Copilot Studio
Google Colab AI: Data Leakage Through Image Rendering Fixed. Some Risks Remain.
Breaking Instruction Hierarchy in OpenAI's gpt-4o-mini
Sorry, ChatGPT Is Under Maintenance: Persistent Denial of Service through Prompt Injection and Memory Attacks
GitHub Copilot Chat: From Prompt Injection to Data Exfiltration
Automatic Tool Invocation when Browsing with ChatGPT - Threats and Mitigations
ChatGPT: Hacking Memories with Prompt Injection
Machine Learning Attack Series: Backdooring Keras Models and How to Detect It
Pivot to the Clouds: Cookie Theft in 2024
Bobby Tables but with LLM Apps - Google NotebookLM Data Exfiltration
HackSpaceCon 2024: Short Trip Report, Slides and Rocket Launch
Google AI Studio Data Exfiltration via Prompt Injection - Possible Regression and Fix
The dangers of AI agents unfurling hyperlinks and what to do about it
ASCII Smuggler - Improvements
Who Am I? Conditional Prompt Injection Attacks with Microsoft Copilot
Google Gemini: Planting Instructions For Delayed Automatic Tool Invocation
ChatGPT: Lack of Isolation between Code Interpreter sessions of GPTs
Video: ASCII Smuggling and Hidden Prompt Instructions
Hidden Prompt Injections with Anthropic Claude
Exploring Google Bard's Data Visualization Feature (Code Interpreter)
AWS Fixes Data Exfiltration Attack Angle in Amazon Q for Business
ASCII Smuggler Tool: Crafting Invisible Text and Decoding Hidden Codes
37th Chaos Communication Congress: New Important Instructions (Video + Slides)
OpenAI Begins Tackling ChatGPT Data Leak Vulnerability
Malicious ChatGPT Agents: How GPTs Can Quietly Grab Your Data (Demo)
Ekoparty Talk - Prompt Injections in the Wild
Hacking Google Bard - From Prompt Injection to Data Exfiltration
Google Cloud Vertex AI - Data Exfiltration Vulnerability Fixed in Generative AI Studio
Microsoft Fixes Data Exfiltration Vulnerability in Azure AI Playground
Advanced Data Exfiltration Techniques with ChatGPT
HITCON CMT 2023 - LLM Security Presentation and Trip Report
LLM Apps: Don't Get Stuck in an Infinite Loop! 💵💰
Video: Data Exfiltration Vulnerabilities in LLM apps (Bing Chat, ChatGPT, Claude)
Anthropic Claude Data Exfiltration Vulnerability Fixed
ChatGPT Custom Instructions: Persistent Data Exfiltration Demo
Image to Prompt Injection with Google Bard
Google Docs AI Features: Vulnerabilities and Risks
OpenAI Removes the "Chat with Code" Plugin From Store
Plugin Vulnerabilities: Visit a Website and Have Your Source Code Stolen
Bing Chat: Data Exfiltration Exploit Explained
Exploit ChatGPT and Enter the Matrix to Learn about AI Security
ChatGPT Plugin Exploit Explained: From Prompt Injection to Accessing Private Data
ChatGPT Plugins: Data Exfiltration via Images & Cross Plugin Request Forgery
Indirect Prompt Injection via YouTube Transcripts
Adversarial Prompting: Tutorial and Lab
Video: Prompt Injections - An Introduction
MLSecOps Podcast: AI Red Teaming and Threat Modeling Machine Learning Systems
Don't blindly trust LLM responses. Threats to chatbots.
AI Injections: Direct and Indirect Prompt Injections and Their Implications
Bing Chat claims to have robbed a bank and it left no trace
Yolo: Natural Language to Shell Commands with ChatGPT API
Video Tutorial: Hijacking SSH Agent
Decrypting TLS browser traffic with Wireshark
ChatGPT: Imagine you are a database server
Device Code Phishing Attacks
Ropci deep-dive for Azure hackers
PenTest Magazine Open Source Toolkit: ropci
ROPC - So, you think you have MFA?
TTP Diaries: SSH Agent Hijacking
gospray - Simple LDAP bind-based password spray tool
Malicious Python Packages and Code Execution via pip download
Machine Learning Attack Series: Backdooring Pickle Files
Offensive BPF: Using bpftrace to sniff PAM logon passwords
Post Exploitation: Sniffing Logon Passwords with PAM
Customized Hacker Shell Prompts
GPT-3 and Phishing Attacks
Grabbing and cracking macOS hashes
Flipper Zero - Initial Thoughts
AWS Scaled Command Bash Script - Run AWS commands for many profiles
Gitlab Reconnaissance Introduction
Log4Shell and Request Forgery Attacks
Video: Anatomy of a compromise
Offensive BPF: Understanding and using bpf_probe_write_user
Offensive BPF: Sniffing Firefox traffic with bpftrace
Video: Understanding Image Scaling Attacks
Video: What is Tabnabbing?
Offensive BPF: What's in the bpfcc-tools box?
Offensive BPF: Detection Ideas
Offensive BPF: Using bpftrace to host backdoors
Offensive BPF: Malicious bpftrace 🤯
Offensive BPF! Getting started.
Video: Web Application Security Fundamentals
Backdoor users on Linux with uid=0
Using Microsoft Counterfit to create adversarial examples for Husky AI
Using procdump on Linux to dump credentials
The Silver Searcher - search through code and files quickly
Automating Microsoft Office to Achieve Red Teaming Objectives
Airtag hacks - scanning via browser, removing speaker and data exfiltration
Somewhere today a company is breached
Google's FLoC - Privacy Red Teaming Opportunities
Spoofing credential dialogs on macOS, Linux and Windows
Broken NFT standards
Hong Kong InfoSec Summit 2021 Talk - The adversary will come to your house!
An alternative perspective on the death of manual red teaming
Cybersecurity Attacks - Red Team Strategies Kindle Edition for free
Team A and Team B: Sunburst, Teardrop and Raindrop
Survivorship Bias and Red Teaming
Gamifying Security with Red Team Scores
Actively protecting pen testers and pen testing assets
Machine Learning Attack Series: Overview
Machine Learning Attack Series: Generative Adversarial Networks (GANs)
Assuming Bias and Responsible AI
Abusing Application Layer Gateways (NAT Slipstreaming)
Machine Learning Attack Series: Repudiation Threat and Auditing
Video: Building and breaking a machine learning system
Machine Learning Attack Series: Image Scaling Attacks
Leveraging the Blue Team's Endpoint Agent as C2
Machine Learning Attack Series: Adversarial Robustness Toolbox Basics
Hacking neural networks - so we don't get stuck in the matrix
What does an offensive security team actually do?
CVE 2020-16977: VS Code Python Extension Remote Code Execution
Machine Learning Attack Series: Stealing a model file
Coming up: Grayhat Red Team Village talk about hacking a machine learning system
Beware of the Shadowbunny - Using virtual machines to persist and evade detections
Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries
Machine Learning Attack Series: Backdooring models
Machine Learning Attack Series: Perturbations to misclassify existing images
Machine Learning Attack Series: Smart brute forcing
Machine Learning Attack Series: Brute forcing images to find incorrect predictions
Threat modeling a machine learning system
MLOps - Operationalizing the machine learning model
Husky AI: Building a machine learning system
The machine learning pipeline and attacks
Getting the hang of machine learning
Beware of the Shadowbunny! at BSides Singapore
Race conditions when applying ACLs
Red Teaming Telemetry Systems
Illusion of Control: Capability Maturity Models and Red Teaming
Motivated Intruder - Red Teaming for Privacy!
Firefox - Debugger Client for Cookie Access
Remotely debugging Firefox instances
Performing port-proxying and port-forwarding on Windows
Blast from the past: Cross Site Scripting on the AWS Console
Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
Using built-in OS indexing features for credential hunting
Shadowbunny article published in the PenTest Magazine
Putting system owners in Security Bug Jail
Red Teaming and Monte Carlo Simulations
Phishing metrics - what to track?
$3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
Cookie Crimes and the new Microsoft Edge Browser
Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
Hunting for credentials and building a credential type reference catalog
Attack Graphs - How to create and present them
Cybersecurity Attacks - Red Team Strategies has been released.
2600 - The Hacker Quarterly - Pass the Cookie Article
Web Application Security Principles Revisited
Zero Trust and Disabling Remote Management Endpoints
Book: Cybersecurity Attacks - Red Team Strategies
MITRE ATT&CK Update for Cloud and cookies!
Coinbase under attack and cookie theft
Cybersecurity - Homefield Advantage
Now using Hugo for the blog
BashSpray - Simple Password Spray Bash Script
Active Directory and MacOS
Google Leaks Your Alternate Email Addresses to Unauthenticated Users
Lyrebird - Hack the hacker (and take a picture)
KoiPhish - The Beautiful Phishing Proxy
McPivot and useful LLDB commands
Pass the Cookie and Pivot to the Clouds