TokenBreak, OAuth2 & Apache Tomcat's Attack

Cybersecurity experts have unveiled a new attack called TokenBreak, which bypasses AI moderation systems with just a single-character tweak to the input text.
This innovative technique exploits the text classification model's tokenization strategy, leading to potential security breaches without altering the original intent of the message.
Key highlights include:
• Subtle Manipulations: Changing “instructions” to “finstructions” can mislead AI moderation.
• Preserves Meaning: Despite alterations, the modified text remains comprehensible to both AI and humans.
• Bypasses Common Models: TokenBreak works primarily against models using Byte Pair Encoding and WordPiece tokenization.
To combat this threat, the research suggests opting for Unigram tokenizers and continually updating training examples to adapt to these prompt injection tactics. As AI systems grow more sophisticated, understanding their vulnerabilities becomes crucial for maintaining security.
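Why the tokenizer choice matters can be seen in a small model of the two strategies. The following is an added example, not code from the research or from this newsletter: the vocabularies and probabilities are constructed, and the function names are hypothetical. It runs the page's "finstructions" case through greedy WordPiece matching and through Unigram's best-scoring segmentation.

```python
import math

# Constructed toy vocabularies (assumptions for illustration, not from a real model).
# WordPiece marks word-internal pieces with "##".
WORDPIECE_VOCAB = {"instructions", "fin", "f", "##struct", "##ions", "##s"}
# Unigram vocabulary: piece -> log-probability learned during training.
UNIGRAM_LOGP = {
    "instructions": math.log(0.02), "f": math.log(0.005),
    "fin": math.log(0.001), "struct": math.log(0.002), "ions": math.log(0.002),
}

def wordpiece_tokenize(word, vocab=WORDPIECE_VOCAB):
    """Greedy longest-match-first, left to right (WordPiece inference)."""
    pieces, start = [], 0
    while start < len(word):
        end = len(word)
        while end > start:
            cand = word[start:end] if start == 0 else "##" + word[start:end]
            if cand in vocab:
                break
            end -= 1
        if end == start:          # nothing matched: whole word is unknown
            return ["[UNK]"]
        pieces.append(cand)
        start = end
    return pieces

def unigram_tokenize(word, logp=UNIGRAM_LOGP):
    """Viterbi search for the segmentation with the highest total log-probability."""
    best = [(0.0, [])] + [(-math.inf, None)] * len(word)
    for end in range(1, len(word) + 1):
        for start in range(end):
            piece, (score, path) = word[start:end], best[start]
            if path is not None and piece in logp and score + logp[piece] > best[end][0]:
                best[end] = (score + logp[piece], path + [piece])
    return best[len(word)][1] or ["[UNK]"]

def keeps_flagged_token(tokens, flagged="instructions"):
    """True if the token the classifier learned to react to is still present."""
    return flagged in tokens

if __name__ == "__main__":
    for w in ("instructions", "finstructions"):
        print(w, wordpiece_tokenize(w), unigram_tokenize(w))
```

The greedy matcher commits to the prefix "fin" and never sees "instructions" again, while the Unigram search still finds it as the most probable piece.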

Microsoft is urging Windows 10 and 11 users to act swiftly after releasing a crucial security patch in response to ongoing cyberattacks.
This update is not just another routine fix; it addresses nearly 90 vulnerabilities, including several zero-day flaws that are already under active exploitation by hackers.
Key highlights include:
• Immediate action required: CISA has issued a rare public warning, emphasizing the urgency to update.
• Vulnerabilities under attack: Hackers are adapting quickly, often exploiting bugs just hours after discovery.
• Consequences of delay: Inadequate protection could lead to malware, ransomware, or identity theft.
With traditional defenses proving insufficient, users must take proactive measures to safeguard their systems. Be sure to run all updates immediately, turn on automatic updates, and back up your data to stay ahead of these evolving threats. Your cybersecurity is now your responsibility!

Cybersecurity researchers have uncovered a new phishing campaign targeting GitHub developers, employing OAuth2 device authorization to hijack accounts and steal tokens. This sophisticated attack reshapes traditional phishing methods by utilizing GitHub’s own functionalities, making it harder for security measures to detect. Here are the highlights:
• Exploitation of OAuth2 Device Flow: Attackers leverage GitHub's legitimate authentication processes.
• High Success Rates: Up to 90% success in phishing attempts via phone calls to developers.
• Broad Implications: Compromised tokens can lead to unauthorized access to source code and critical repositories.
• Social Engineering Tactics: Attackers impersonate IT staff or helpdesk personnel to gain users’ trust.
With shared development infrastructures centering around GitHub, these threats pose a significant risk to software development pipelines. Developers need to be vigilant and aware of this evolving tactic to safeguard their accounts and sensitive data.

OpenAI, the creator of ChatGPT, has been hit by a staggering 1,140 security breaches, as revealed in a new study by Cybernews. This alarming statistic underscores the escalating cybersecurity concerns within the generative AI sector. Here are some key takeaways:
• Half of leading LLM providers have also experienced data breaches.
• 45.4% of sensitive data prompts come from personal accounts, lacking corporate protections.
• All examined LLM providers revealed SSL/TLS configuration vulnerabilities.
The study raises urgent questions for tech leaders, highlighting that a mere 27% of executives ensure safeguards for chatbot usage. Furthermore, a shocking 98% of leaders struggle to identify phishing attempts, exposing a serious gap in cybersecurity awareness. As the reliance on AI escalates, the call for robust security measures and proper training on AI tool usage has never been more critical. Businesses must prioritize cybersecurity before it’s too late!
Cybersecurity experts have discovered a massive, coordinated attack on Apache Tomcat Manager interfaces, involving approximately 400 unique IP addresses.
This surge in activity, identified by GreyNoise Intelligence, marks a worrying trend in opportunistic cyber attacks on web application servers.
Key highlights from the attack include:
• Brute Force Attempts: 250 IPs engaged in password-guessing attacks, a significant rise from the typical 1-15 IPs.
• Login Attempts: 298 IPs tried accessing administrative interfaces, dramatically up from the usual 10-40.
• Malicious Designation: 100% of brute force IPs and 99.7% of login attempt IPs were deemed malicious.
The infrastructure for the attack primarily leveraged DigitalOcean, and while direct exploitation of vulnerabilities hasn't been confirmed, experts warn that such reconnaissance is often a precursor to more targeted attacks.
Organizations using Tomcat Manager should promptly implement IP-based protections as a defensive measure against this escalating threat.
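To see whether your own server is receiving the kind of traffic described above, you can count failed authentications against the Manager paths per source IP. The script below is an added example, not GreyNoise's or Apache's code: it assumes Tomcat's "common" access-log pattern, the default `/manager` and `/host-manager` context paths, a hypothetical per-IP threshold of 3, and constructed sample lines using documentation IP ranges.

```python
import re
from collections import Counter

# Constructed sample in Tomcat's "common" pattern: %h %l %u %t "%r" %s %b
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:08:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [10/Jun/2025:08:00:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [10/Jun/2025:08:00:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [10/Jun/2025:08:00:04 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.23 - - [10/Jun/2025:08:01:10 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.23 - - [10/Jun/2025:08:01:11 +0000] "GET /host-manager/html HTTP/1.1" 403 3022
192.0.2.10 - - [10/Jun/2025:08:02:00 +0000] "GET /index.jsp HTTP/1.1" 200 11230
192.0.2.10 - admin [10/Jun/2025:08:02:05 +0000] "GET /manager/html HTTP/1.1" 200 18004
192.0.2.44 - - [10/Jun/2025:08:03:01 +0000] "GET /manager/status HTTP/1.1" 401 2473
192.0.2.44 - - [10/Jun/2025:08:03:02 +0000] "GET /manager/status?XML=true HTTP/1.1" 401 2473
192.0.2.44 - - [10/Jun/2025:08:03:03 +0000] "GET /manager/status HTTP/1.1" 401 2473
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')
MANAGER_CONTEXTS = ("/manager", "/host-manager")  # default context paths

def is_manager_path(path):
    """Match the Manager apps themselves, not paths that merely share a prefix."""
    path = path.split("?", 1)[0]
    return any(path == c or path.startswith(c + "/") for c in MANAGER_CONTEXTS)

def manager_auth_failures(log_text):
    """Count 401/403 responses on Manager paths per source IP."""
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and is_manager_path(m.group(3)) and m.group(4) in ("401", "403"):
            failures[m.group(1)] += 1
    return failures

def summarize(log_text, per_ip_threshold=3):
    """Split sources into 'tried to log in' and 'repeated guessing' (threshold is an assumption)."""
    failures = manager_auth_failures(log_text)
    return {
        "login_attempt_ips": sorted(failures),
        "brute_force_ips": sorted(ip for ip, n in failures.items() if n >= per_ip_threshold),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Any address in the output that is not an administrator's workstation is a candidate for the IP-based restriction the article recommends.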