Aggregator

The address bar/ChatGPT input window in OpenAI's browser ChatGPT Atlas "could be targeted for prompt injection using malicious instructions disguised as links," reports SC World, citing a report from AI/agent security platform NeuralTrust: NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following "https:" prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser's address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default. An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a "copy link" button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user's integrated applications or logged-in sites like Google Drive, NeuralTrust said. Last month browser security platform LayerX also described how malicious prompts could be hidden in URLs (as a parameter) for Perplexity's browser Comet. And last week SquareX Labs demonstrated that a malicious browser extension could spoof Comet's AI sidebar feature and have since replicated the proof-of-concept (PoC) attack on Atlas. But another new vulnerability in ChatGPT Atlas "could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code," reports The Hacker News, citing a report from browser security platform LayerX: "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT's persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user's account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes.... "What makes this exploit uniquely dangerous is that it targets the AI's persistent memory, not just the browser session," Michelle Levy, head of security research at LayerX Security, said. "By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT's memory was tainted, subsequent 'normal' prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards...." LayerX said the problem is exacerbated by ChatGPT Atlas' lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity's Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages. From The Conversation: Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn't malicious code — it's a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation. Thanks to Slashdot reader spatwei for suggesting the topic.

Read more of this story at Slashdot.

Education Secretary Bridget Phillipson is set to announce that all children should be taught Biology, Physics and Chemistry and be examined on them separately again.

My secret singleton behaviour. It's very odd, and shaming. I don't mean the fact I only open my fridge with a corner of my T-shirt to avoid a smudge.

The ad uses a 'voiceover' from fellow Republican Reagan - US President between 1981 and 1989 - saying tariffs caused trade wars and economic disaster.

They have been named the best in Essex

The Hollywood actress, 40, hails from a family of creatives as the daughter of playwright and screenwriter Sharman MacDonald and stage actor Will Knightley.

The violence allegedly broke out in Piccadilly Gardens, in Manchester city centre, yesterday evening after a YouTuber, known as Cozzy, confronted the two people.

"Traditionally, exploring the interior of atomic nuclei requires enormous particle accelerators that stretch for kilometers and propel beams of electrons at extremely high speeds," writes SciTechDaily. But MIT physicists have unveiled a groundbreaking alternative that "used the atom's own electrons as probes to momentarily enter the nucleus..." In research published in Science, a team of MIT physicists achieved exceptionally precise measurements of the energy of electrons orbiting a radium atom that had been chemically bonded with a fluoride atom to form radium monofluoride. By studying these molecules, the researchers created a kind of miniature particle collider. Within this environment, the electrons surrounding the radium atom were confined closely enough to occasionally slip into the nucleus before returning to their usual orbits... When those electrons returned to their outer paths, they retained the altered energy, effectively carrying a "message" from within the nucleus that could be decoded to reveal its internal arrangement... [The researchers] trapped and cooled the molecules and sent them through a system of vacuum chambers, into which they also sent lasers, which interacted with the molecules. In this way, the researchers were able to precisely measure the energies of electrons inside each molecule. When the researchers analyzed their measurements, they noticed that the electrons carried slightly different energies than expected if they had remained outside the nucleus. The difference was incredibly small, only about one millionth of the energy of the laser photon used to excite the molecules, but it was clear evidence that the electrons had entered the radium nucleus and interacted with its protons and neutrons... The researchers plan to use this new technique to create a detailed map of how forces are distributed inside the nucleus... to chart the nucleus with greater precision and search for possible violations of fundamental symmetries in nature. "It is thought that additional sources of fundamental symmetry violation are required to explain the almost complete absence of antimatter in our universe," the article points out. "Such violations could be seen within the nuclei of certain atoms such as radium... "Unlike most atomic nuclei, which are spherical in shape, the radium atom's nucleus has a more asymmetrical configuration, similar to a pear. Scientists predict that this pear shape could significantly enhance their ability to sense the violation of fundamental symmetries, to the extent that they may be potentially observable."

Read more of this story at Slashdot.

The vlogger, 26, who was crowned the winner of the reality show in 2018, was out celebrating his birthday when he was 'targeted with homophobia and slurs.'

Naomi Campbell served up a sexy look on Friday night as she led the stars stepping out to celebrate Halloween .

Department for Education (DfE) figures for the current school year show costs have risen by £125m in just five years - up from £415m in 2020.

They will be joined by the Streets and Pete Tong Ibiza Classics

Mary Earps says she 'feels ready to share' that she is in a 'happy' same-sex relationship, with the Lionesses hero poised to discuss her mental health in her new autobiography.

Olivia Attwood cheekily displayed her bottom as she dressed up as Toy Story's Jessie at Heidi Klum's legendary Halloween party in New York on Friday.

The 30ft mountain of 25,000 tonnes of waste in Wigan, Gtr Manchester, is made of of soiled nappies as well as chemicals and plastic.

As London's war on drivers wages, cab drivers with almost two decades of experience are warning they may be forced to give up their jobs as Britain's roads are no longer drivable.

It's Spooky Season, and you know what that means - it's officially time for Heidi Klum 's legendary annual Halloween party. A slew of stars have gathered in wild costumes and extravagant get-ups.

The medications you take every day might be getting in the way of living a healthy life, an expert has warned.

Celebrating Halloween at Chateau Marmont in Los Angeles, the singer, 40, channeled the titular character from the classic series by Ludwig Bemelmans.

The brand new teaser was revealed this morning