Wednesday , April 30 2025

Microsoft announces AI bug bounty program

infosecbulletin Tuesday , October 17 2023 Hot Topic, International

Microsoft has launched a new AI bounty program. This program is the result of investments and learnings from recent months, including an AI security research challenge and an update to Microsoft’s vulnerability severity classification for AI systems. Lynn Miyashita, a technical program manager with the Microsoft Security Response Center, shared this information.

The Microsoft AI bug bounty program

Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol

By infosecbulletin / Wednesday , April 30 2025
Security vulnerabilities in Apple's AirPlay Protocol and SDK put both third-party and Apple devices at risk of various attacks, including...
Read More
Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol

Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

By infosecbulletin / Tuesday , April 29 2025
A recent increase in cyber reconnaissance has endangered thousands of organizations, as GreyNoise, a global threat intelligence platform, reported a...
Read More
Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

CISA Adds Actively Exploited Broadcom Flaws to KEV Database

By infosecbulletin / Tuesday , April 29 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity security flaws affecting Broadcom Brocade Fabric OS and Commvault...
Read More
CISA Adds Actively Exploited Broadcom Flaws to KEV Database

Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

By infosecbulletin / Tuesday , April 29 2025
Google's Threat Intelligence Group (GTIG) reported that in the year 2024, attackers exploited 75 zero-day vulnerabilities, with over 50% related...
Read More
Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

Palo Alto Networks to Acquire AI Security Firm “Protect AI”

By infosecbulletin / Tuesday , April 29 2025
On Monday, Palo Alto Networks confirmed it is acquiring the US-based AI security company Protect AI. Protect AI has created...
Read More
Palo Alto Networks to Acquire AI Security Firm “Protect AI”

CISA Releases Seven ICS Advisories

By infosecbulletin / Monday , April 28 2025
On April 24, 2025, CISA published seven advisories addressing security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS)....
Read More
CISA Releases Seven ICS Advisories

India Launches First Quantum Computing Village in Amaravati

By infosecbulletin / Monday , April 28 2025
India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing Village, a state-of-the-art project in...
Read More
India Launches First Quantum Computing Village in Amaravati

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

By infosecbulletin / Monday , April 28 2025
Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks....
Read More
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

By infosecbulletin / Monday , April 28 2025
Blind_Virus, DU_Featherless_Bipeds and Hidden investigations team secure the 1st , 2nd and 3rd positions accordingly for online preliminary round at...
Read More
30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

CVE-2025-43859
Request Smuggling Vulnerability in Python’s h11 HTTP Library

By infosecbulletin / Sunday , April 27 2025
A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python....
Read More
CVE-2025-43859 Request Smuggling Vulnerability in Python’s h11 HTTP Library

Microsoft wants bug hunters to test AI-powered Bing features on bing.com using a browser. They also want them to test Bing integration on Microsoft Edge, including Bing Chat for Enterprise. Additionally, they want testers to check the Bing integration in the iOS and Android versions of Microsoft Start and Skype mobile apps.

They should report vulnerabilities that could be exploited to:

* Manipulate the model’s response to individual inference requests, but do not modify the model itself (“inference manipulation”)
* Manipulate a model during the training phase (“model manipulation”)
* Infer information about the model’s training data, architecture and weights, or inference-time input data (“inferential information disclosure”)
* Influence/change Bing’s chat behavior in a way that impacts all other users
* Modify Bing’s chat behavior by adjusting client and/or server visible configuration
* Break Bing’s cross-conversation memory protections and history deletion
* Reveal Bing’s internal workings and prompts, decision making processes and confidential information
* Bypass Bing’s chat mode session limits and/or restrictions/rules

Click here to read more

 

Check Also

SSL.com

SSL.com’s domain validation system’s bug found: Hacker exploited

SSL.com has revealed a major security flaw in its domain validation system, which could enable …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin