At Pwn2Own Berlin 2025, AI systems made their debut as official competition targets. This talk documents our successful exploitation of real-world AI infrastructure in that context focusing on vulnerabilities we discovered and demonstrated in Ollama and NVIDIA Triton Inference Server.
We detail our security research methodology, which included threat modeling, file format fuzzing, and plugin analysis. In Ollama, we discovered multiple bugs before and during the competition, including an authentication bypass (CVE issued) and a heap overflow found via fuzzing—although it was patched three weeks before the event. In Triton Server, we uncovered a command injection vulnerability in its model configuration pipeline, leading to reliable remote code execution.
We'll also briefly explore other AI targets such as RedisAI, ChromaDB, and NVIDIA's container runtime, including insight into a potential stack overflow rediscovery via fuzzing.
This session blends concrete technical details with broader insight, sharing actionable takeaways for red teamers and defenders working with inference systems. Attendees will leave with a solid understanding of how to audit, attack, and better defend AI model infrastructure.
By:
Patrick Ventuzelo | CEO & Founder, Fuzzinglabs
Nabih Benazzouz | COO, Fuzzinglabs
https://ift.tt/aPmKAZ3
source https://www.youtube.com/watch?v=Qy1Uu5Wdkg8
The Cyber Stream
Latest News for Cyber Security & Technology
Wednesday, 8 July 2026
Tuesday, 7 July 2026
Black Hat Intercepted | Anurag Swarnim Yadav, Co-Founder & CTO of QubitAC
From a Black Hat scholarship to Arsenal presenter. 🎤 Meet Anurag Swarnim Yadav, Co-founder and CTO of QubitAC.
source https://www.youtube.com/shorts/xgpnOVrwUTU
source https://www.youtube.com/shorts/xgpnOVrwUTU
Black Hat Europe 2025 | Nation-Scale SecOps: How CERT PL Scans Poland
At CERT PL, a national CSIRT for Poland, we learned that the security of public entities is an area with numerous easily exploitable vulnerabilities and a significant need for free tools to improve the situation.
In this presentation, I will describe the approach we follow to enhance the security of public and private entities in Poland. I will introduce moje.cert.pl (meaning 'my CERT PL' in English), a system where administrators can join, scan their domains and networks for vulnerabilities, and receive notifications about user password breaches within their domains — all in one place and for free. I will also explain how we automatically scan tens of thousands of public entities in Poland (even ones that don't know about the CSIRT) and present Artemis, an open-source tool we developed to achieve this (and also to provide scanning in moje.cert.pl). Additionally, I will outline the philosophy behind building these tools.
I hope this talk will inspire you to run similar initiatives, whether you are part of a CSIRT, a hosting provider, or even a team of software engineers who want to make a positive impact.
By: Krzysztof Zając | Warszawa, CERT PL
https://ift.tt/B6Kt4sO
source https://www.youtube.com/watch?v=7c15gEyJF1I
source https://www.youtube.com/watch?v=7c15gEyJF1I
Monday, 6 July 2026
Black Hat Europe 2025 | Not Just Victims: The Hidden Villains Inside Infostealer Logs
Infostealer malware is malicious code designed to infiltrate users' systems and secretly extract sensitive data such as browser information, system details, account credentials, cryptocurrency wallets, and screenshots. This stolen data is often sold or leaked on dark web platforms. While many victims are innocent, some are involved in criminal activities, which our research focuses on uncovering. Preliminary analysis of stealer logs revealed distinct behavioral patterns like multiple similar accounts and criminal conduct indicators, suggesting links to scams and illegal operations.
To better analyze these vast and complex datasets, we integrated Large Language Models (LLMs) that assist in organizing, classifying, and enriching loosely structured or ambiguous textual data within stealer logs. The LLM helped normalize vague entries and group related data, which was then stored in relational databases for efficient querying and visual interpretation. This method improves investigative efficiency and reveals actionable intelligence.
Importantly, our data collection adhered strictly to ethical standards by only using publicly accessible data without purchasing illicit sources. Although infostealers are inherently malicious, this research demonstrates how their leaked data can serve as valuable leads in tracking underground criminals. Future research aims to fully automate stealer log analysis using LLMs, enhancing the speed and accuracy of cybercrime investigations.
By:
HyunPyo Choi | Researcher, StealthMole
DoHyun Hwang | Researcher, StealthMole
Yejin Kang | Assistant Researcher, StealthMole
SangMyung Choi | CTO, StealthMole
https://ift.tt/uiZTtbV
source https://www.youtube.com/watch?v=C8JXQ8EAaNk
source https://www.youtube.com/watch?v=C8JXQ8EAaNk
Sunday, 5 July 2026
Black Hat Europe 2025 | Taking Control Over Legacy And ERTMS/ETCS Railroad Signaling Systems
Railroad signaling systems have evolved from legacy trackside beacons to sophisticated digital protocols such as the European Train Control System (ETCS) under the European Rail Traffic Management System (ERTMS). Despite these advancements, security vulnerabilities remain due to the inherent trust placed in beacon-based signaling mechanisms. This talk explores how both legacy and high-speed railway signaling systems can be compromised using low-cost and even hand-crafted hardware and software-defined radio (SDR) techniques.
In legacy systems such as ASFA (Anuncio de Señales y Frenado Automático) and similar trackside beacon-based signaling architectures, we demonstrate how an attacker can deploy rogue balises using passive magnetic elements tuned to specific resonance frequencies. These fake beacons can be placed on any track segment to induce emergency braking in passing trains, leading to immediate halts and operational disruptions. We analyze the protocol weaknesses that enable these attacks and their feasibility in real-world scenarios.
For high-speed rail systems utilizing ERTMS/ETCS, we investigate vulnerabilities in the Eurobalise communication framework. By capturing and replaying legitimate balise transmissions, an attacker could inject malicious control messages, misleading onboard train control units into triggering emergency stops or causing route confusion. We discuss the technical prerequisites for constructing a replay-capable attack setup.
The presentation concludes with recommendations for mitigating these threats, including cryptographic authentication of balise messages, anomaly detection techniques, and real-time verification of beacon authenticity. As rail networks increasingly depend on digital signaling, addressing these vulnerabilities is critical to ensuring the safety and resilience of modern railway infrastructure.
By:
David Melendez | Co-Founder, TechFrontiers
Gabriela Garcia | Co-Founder, TechFrontiers
Alberto Rodriguez | RootedCON Staff, RootedCON
Jaime Esquivias | OSINT researcher expert, TechFrontiers
Joel Serna | IoT/ICS Pentest Engineer, TechFrontiers
https://ift.tt/HaytW4B
source https://www.youtube.com/watch?v=hd6221cFb3g
source https://www.youtube.com/watch?v=hd6221cFb3g
Saturday, 4 July 2026
Black Hat Europe 2025 | Slashing QUIC's Performance With A Hash DoS
QUIC was designed for low-latency and high-performance communication, but what if its very design enables an attack that can bring it to a crawl? In this talk, we present a remote Hash Denial-of-Service (Hash DoS) attack that exploits hash collisions in QUIC's processing of connection IDs (CID). Our survey of over 20 QUIC server implementations revealed that a third of them were vulnerable to this attack, allowing a remote attacker to trigger excessive hash table operations with minimal effort, leading to severe slowdowns or even complete stalls.
In this talk, we'll break down the attack mechanics, discuss the different hash functions used by QUIC implementations, show how to exploit them, and demonstrate the real-world impact of the attack with performance metrics and a proof-of-concept attack demonstration against a vulnerable implementation. Attendees will gain insight into why this attack emerges from QUIC's design rather than through a mere implementation flaw and why it affects 1/3 of all existing implementations of this modern, widely used protocol supported in all major browsers. We'll also present why some existing mitigations fall short and how to defend against this threat effectively. By the end, attendees will walk away with concrete techniques to identify, test for, and mitigate Hash DoS vulnerabilities in QUIC and other performance-critical protocols.
By: Paul Bottinelli | Principal Security Engineer, Cryptography, Trail of Bits
https://ift.tt/6UevMN5
source https://www.youtube.com/watch?v=anofgjg_jU4
source https://www.youtube.com/watch?v=anofgjg_jU4
Friday, 3 July 2026
Black Hat Europe 2025 | Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents
Large Language Models (LLMs) have revolutionized software development, enabling the creation of AI-powered applications known as LLM-based agents. However, recent studies reveal that LLM-based agents are highly susceptible to taint-style vulnerabilities, which allow malicious prompts to exploit security-sensitive operations. These vulnerabilities pose severe threats to the security of agents, potentially allowing attackers to take over the entire agent remotely.
In this paper, we propose a novel directed greybox fuzzing approach, called AgentFuzz, the first fuzzing framework for detecting taint-style vulnerabilities in LLM-based agents. AgentFuzz consists of three key phases. First, AgentFuzz leverages the LLM to generate functionality-specific seed prompts in the form of natural language. Second, AgentFuzz utilizes a multifaceted feedback design to assess seed quality from both semantic and distance levels, prioritizing seeds with higher quality. Finally, AgentFuzz employs functionality and argument mutators to refine seeds and trigger vulnerabilities effectively. In our evaluation against 20 widely-used open-source agent applications, AgentFuzz identified 34 high-risk 0-day vulnerabilities, achieving 33 times higher precision than the state-of-the-art approach. These vulnerabilities encompass serious threats like code injection, impacting 14 open-source agents, with 7 of them having over 10,000 stars on GitHub. To date, 23 CVE IDs have been assigned.
By:
Fengyu Liu | Ph.D Student, Fudan University
Ke Li | Security Engineer, ByteDance
Jiaqi Luo | Ph.D Student, Fudan University
Jiarun Dai | Assistant Professor, Fudan University
Bocheng Xiang | PhD students, Fudan University
Tian Chen | Master's Student, Fudan University
Yilin Wang | Master's Student, The University of Manchester
Youkun Shi | Postdoctoral Fellow, Hong Kong Polytechnic University
Xing Li | Senior Security Engineer, Huawei Technologies Co., Ltd.
Yuan Zhang | Professor, Fudan University
Min Yang | Professor, Fudan University
https://ift.tt/j1EWRHQ
source https://www.youtube.com/watch?v=WqCArHy0VK8
source https://www.youtube.com/watch?v=WqCArHy0VK8
Black Hat Europe 2025 | Abstractions For Program Analysis
We have an abundance of representations for code; from source code, to assembly, to decomplied code, to dataflow, block diagrams, and so much more. But why? Simply, because there is a best abstraction for every problem you want to solve. But knowing what abstractions are available and when to choose one over another is hard! In this talk, we'll delve deep into intermediate languages, discuss why you should be using them to solve the tasks at hand, and show you how to choose the best abstraction for the job. In doing so, we'll reveal the secrets that power compilers and decompilers (and even processors!) alike to perform analyses that find bugs, vulnerabilities, optimize code, and so, so much more...all without having to read a single line of code!
By: Kyle Martin | Engineer, Vector 35
https://ift.tt/yUToXRh
source https://www.youtube.com/watch?v=Hjw6EEOeWDo
source https://www.youtube.com/watch?v=Hjw6EEOeWDo
Sunday, 28 June 2026
Black Hat Europe 2025 | How We Turned AI's 'Web Browsing' Into A Gateway For Targeting 1B+ Users
With the integration of large language models (LLMs) and capabilities such as real-time web search, browser components are now being widely deployed in server-side environments for the first time. While enabling features like online search and image processing, server-side browsers also introduce significant security risks. If a backend browser accesses an attacker-controlled URL, it can potentially trigger remote code execution (RCE) vulnerabilities—ranging from service disruption to large-scale manipulation of LLM outputs, or even full server compromise. These vulnerabilities essentially represent a concentrated shift of attack risks: threats once scattered across individual clients are now aggregated at the server level. Meanwhile, as AI search streamlines intelligent information access for users, it also lowers the barrier for attackers, who can monitor and tamper with user conversations through a single vulnerability.
In this talk, we present a systematic study of this emerging attack surface. We evaluated leading LLM services that integrate backend browser components and successfully achieved RCE in six of them—collectively impacting over one billion users. Our study reveals that the offensive and defensive characteristics of server-side browsers differ fundamentally from those of client-side browsers. From an offensive perspective, exploiting server-side browsers required overcoming challenges absent in client environments, such as bypassing domain whitelists, evading JavaScript execution restrictions, and fingerprinting remote browser versions to craft viable payloads. From a defensive perspective, server-side browsers also face unique disadvantages: lack of automatic update mechanisms, deviation from security best practices, and lower exploitation barriers.
We conclude by proposing best practices for securely deploying browser components in backend systems, offering actionable guidance to help the industry mitigate these risks at scale.
source https://www.youtube.com/watch?v=3D74o6bAuHs
source https://www.youtube.com/watch?v=3D74o6bAuHs
Black Hat Europe 2025 | The Forensic Trail On GitHub: Hunting For Supply Chain Activity
Ultralytics. tj-actions. Grafana. GitHub Actions are increasingly targeted by attackers and implicated in industry-impacting incidents. Thankfully, GitHub's public surface offers numerous threat intelligence sources for the discerning defender. This talk covers a comprehensive methodology for investigating and tracking real-world supply chain attacks exploiting GitHub Actions, inspired by our work responding to the aforementioned incidents. It adds a new dimension and set of tools to threat intelligence research. We'll expose the wealth of intelligence available directly from both GitHub and the underlying Git plane. Through concrete demos, we'll show how to effectively pivot on user metadata and behavioral heuristics, uncover attacker forks, and recover deleted gists and commits. We'll also demonstrate how to trace attacker aliases, identify targets of reconnaissance, and unmask attackers and researchers in real-time. Attackers are hiding in the complexity of this ecosystem, but with automation we can peel back the noise, empowering detection and investigation. This approach is practical, repeatable, and relies exclusively on publicly available data, ensuring accessibility for all defenders without the need for private threat intelligence feeds.
By:
Rami McCarthy | Principal Security Researcher, Wiz
Amitai Cohen | Attack Vector Intelligence Lead, Wiz
https://ift.tt/N23qefA
source https://www.youtube.com/watch?v=JZUV8dY7NG4
source https://www.youtube.com/watch?v=JZUV8dY7NG4
Saturday, 27 June 2026
Black Hat Europe | LINE-Break: Cryptanalysis And Reverse Engineering Of Letter Sealing
We present a security analysis of the messaging service known as LINE, a popular platform used daily by millions of users in East Asia -- most notably Japan, Taiwan, Thailand, and Indonesia. More specifically, we focus on its underlying custom end-to-end-encryption (E2EE) protocol known as Letter Sealing v2, which we evaluate with respect to modern E2EE security guarantees. Our findings show that Letter Sealing allows a TLS Man-in-the-Middle attacker or malicious server to violate integrity, authenticity and confidentiality of communications. The stateless design of the protocol allows message replay, reordering, and blocking attacks, compromising the transcript consistency of communications. The lack of origin authentication facilitates impersonation attacks, in which the authorship of messages in one-to-one or group chats can be forged by malicious users colluding with the adversary. Lastly, stickers, a main selling point of the application, present a notable plaintext leakage, which leads to violation of confidentiality. To verify the correctness of our findings, we mounted a Man-in-the-Middle attack on an iOS device, yielding the device's outgoing traffic and the corresponding server responses. Utilizing this setup, we experimentally verified our attacks against the authentic LINE application. We discuss our findings in comparison to the state-of-the-art E2EE protocol Signal, and conclude that Letter Sealing does not satisfy the requirements expected from a modern E2EE messaging protocol. This is joint work with Adam Blatchley Hansen.
By:
Thomas Mogensen | MSc. in Computer Science, Aarhus University
Diego De Freitas Aranha | Associate Professor, Aarhus University
https://ift.tt/mF0KHv4
source https://www.youtube.com/watch?v=M640UhgUW5E
source https://www.youtube.com/watch?v=M640UhgUW5E
Subscribe to:
Posts (Atom)
-
Unmasking State-Sponsored Mobile Surveillance Malware from Russia, China, and North Korea – Threat Actors, Tactics, and Defense Strategies S...
-
WeChat, with over 1.2 billion monthly active users, stands as the most popular messaging and social media platform in China and third global...