AI Friday: ZombAI's, Ivanti Vulnerability: Discovery to Exploitation, Crypto Wallet Scam

Cybersecurity — For Security Professionals

Hey! James here.

Today’s edition focuses on AI, SOC and Threat Intelligence.

  • 📝 MrBeast Crypto Wallet Scam Investigation, ZombAIs: From Prompt Injection to C2 with Claude Computer Use!

  • 🔥 Analyzing WordPress hack access logs with NotebookLM, Can AI Save Cybersecurity From Itself?, Movies-for-hackers!

  • 🧠 Revving up: the journey to pwn2own automotive 2024, Unveiling the Ivanti vulnerability: from discovery to exploitation!

  • And more…

📰 Top Security News

  • ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis (Securityweek)

  • Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments (CISA)

  • Can AI Save Cybersecurity From Itself? (OpenAI)

📝 Best Of Blogs

  • Is Detection Engineering just glorified googling? (Br4dy5)

  • MrBeast Crypto Wallet Scam Investigation (Loock.io)

  • ZombAIs: From Prompt Injection to C2 with Claude Computer Use (Embrace The Red)

🧠 Learning Resources

🛠️ Tools

  • Priscope: A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard against supply chain attacks. (GitHub)

  • Movies-for-hackers: 🎬 A curated list of movies every hacker & cyberpunk must watch. (GitHub)

  • Misconfigmate: This tool builds upon their excellent research and service templates while adding additional features and improvements. (GitHub)

⚡️ Misc

  • Run a prompt to generate and execute jq programs using llm-jq (Simon Willison)

  • Apple will pay security researchers up to $1 million to hack its private AI cloud (Apple)

  • Analyzing WordPress hack access logs with NotebookLM (Invicti)

🎯 Favorite Quote

“Do not let making a living prevent you from making a life.”
- John Wooden

💡 ABOUT VAYFUL®

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.
