<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <updated>2026-05-16T20:57:38Z</updated>
  <generator>https://yabu.me</generator>

  <title>Nostr notes by Sophos X-Ops</title>
  <author>
    <name>Sophos X-Ops</name>
  </author>
  <link rel="self" type="application/atom+xml" href="https://yabu.me/npub1xrhn2zk0fhcxz8gtaggj0hfmvgm0j4v5n2c2yhjssu22tqmxnmgslhfkxn.rss" />
  <link href="https://yabu.me/npub1xrhn2zk0fhcxz8gtaggj0hfmvgm0j4v5n2c2yhjssu22tqmxnmgslhfkxn" />
  <id>https://yabu.me/npub1xrhn2zk0fhcxz8gtaggj0hfmvgm0j4v5n2c2yhjssu22tqmxnmgslhfkxn</id>
  <icon>https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/288/278/994/141/858/original/bee75a3fab9d4927.png</icon>
  <logo>https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/288/278/994/141/858/original/bee75a3fab9d4927.png</logo>




  <entry>
    <id>https://yabu.me/nevent1qqs9yajtyd2v2tqnkul6cgzh9z6jen9g24zd35t25fh356hde6cjw2gzyqcw7dg2eaxlqcgap04pzf7a8d3rd724jjdtpgj72zr3ffvrv60dzhv2e0w</id>
    
      <title type="html">At the Conference for Applied Machine Learning in Information ...</title>
    
    <link rel="alternate" href="https://yabu.me/nevent1qqs9yajtyd2v2tqnkul6cgzh9z6jen9g24zd35t25fh356hde6cjw2gzyqcw7dg2eaxlqcgap04pzf7a8d3rd724jjdtpgj72zr3ffvrv60dzhv2e0w" />
    <content type="html">
      At the Conference for Applied Machine Learning in Information Security (CAMLIS) yesterday, SophosAI researcher Tamás Vörös presented his research on LLM salting, a novel technique to prevent LLM jailbreaks. &lt;br/&gt;&lt;br/&gt;Many organizations are increasingly deploying LLMs with minimal customization. This widespread reuse leads to model homogeneity, from chatbots to productivity tools – and creates a security vulnerability. &lt;br/&gt;&lt;br/&gt;Jailbreak prompts that bypass refusal mechanisms can be precomputed once and reused across many deployments. This mirrors the classic rainbow table attack, where attackers exploit shared cryptographic targets to reuse precomputed inputs. &lt;br/&gt;&lt;br/&gt;These generalized jailbreaks are a problem because many companies have customer-facing LLMs built on top of model classes – meaning that one jailbreak could work against all the instances built on top of a given model. &lt;br/&gt;&lt;br/&gt;Taking inspiration from salting – the concept of introducing small per-user variations to break reuse of precomputed inputs – we developed a technique we call ‘LLM salting’: introducing targeted variations in model behavior to invalidate jailbreaks. &lt;br/&gt;&lt;br/&gt;Building on recent work [1] identifying a subspace in model activations responsible for refusal behavior, LLM salting is a lightweight fine-tuning procedure that rotates this subspace. This ensures that jailbreaks crafted against an unsalted model don’t succeed on salted ones. &lt;br/&gt;&lt;br/&gt;[1] &lt;a href=&#34;https://arxiv.org/abs/2406.11717&#34;&gt;https://arxiv.org/abs/2406.11717&lt;/a&gt;
    </content>
    <updated>2025-10-24T10:24:29Z</updated>
  </entry>

  <entry>
    <id>https://yabu.me/nevent1qqsw8cek989gflrv8rm048fa4xu6ufznhezfv82jpg795q3820xmsvgzyqcw7dg2eaxlqcgap04pzf7a8d3rd724jjdtpgj72zr3ffvrv60dzlwt43k</id>
    
      <title type="html">Today, Sophos X-Ops has published Sophos&amp;#39; Annual Threat ...</title>
    
    <link rel="alternate" href="https://yabu.me/nevent1qqsw8cek989gflrv8rm048fa4xu6ufznhezfv82jpg795q3820xmsvgzyqcw7dg2eaxlqcgap04pzf7a8d3rd724jjdtpgj72zr3ffvrv60dzlwt43k" />
    <content type="html">
      Today, Sophos X-Ops has published Sophos&amp;#39; Annual Threat Report, with a focus on cybercrime affecting small and medium businesses. There are a number of key takeaways from the incident and detection telemetry from 2024: &lt;br/&gt;First, network edge devices – and VPN appliances in particular – have been the largest single initial access point for cybercriminals over the past year, accounting for over 30 percent of all documented initial access methods. /1&lt;br/&gt; &lt;img src=&#34;https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/348/898/488/851/801/original/63b9d9074c945903.png&#34;&gt; &lt;br/&gt;
    </content>
    <updated>2025-04-16T17:51:18Z</updated>
  </entry>

  <entry>
    <id>https://yabu.me/nevent1qqsfsyylxlv70l5mugqlpm5h6vghnjacawxhw9htg3v9gketjrfej9qzyqcw7dg2eaxlqcgap04pzf7a8d3rd724jjdtpgj72zr3ffvrv60dzqdvr0z</id>
    
      <title type="html">Hi everyone, it&amp;#39;s @npub1nze…spjz driving the X-Ops social ...</title>
    
    <link rel="alternate" href="https://yabu.me/nevent1qqsfsyylxlv70l5mugqlpm5h6vghnjacawxhw9htg3v9gketjrfej9qzyqcw7dg2eaxlqcgap04pzf7a8d3rd724jjdtpgj72zr3ffvrv60dzqdvr0z" />
    <content type="html">
      Hi everyone, it&amp;#39;s &lt;span itemprop=&#34;mentions&#34; itemscope itemtype=&#34;https://schema.org/Person&#34;&gt;&lt;a itemprop=&#34;url&#34; href=&#34;/npub1nzexqulws7nx68zkye7k5wsx3gglvr2us74ljhwl5e8a8ztpawzqz8spjz&#34; class=&#34;bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1&#34;&gt;&lt;span&gt;Andrew 🌻 Brandt 🐇&lt;/span&gt; (&lt;span class=&#34;italic&#34;&gt;npub1nze…spjz&lt;/span&gt;)&lt;/a&gt;&lt;/span&gt; driving the X-Ops social media today to let you know about a story we just published, written by my colleague Gabor Szappanos.&lt;br/&gt;&lt;br/&gt;Szapi has done significant research in the past into a #malware family called #Gootloader that (for years, now) uses malicious #SEO techniques to promote compromised websites into Google search results.&lt;br/&gt;&lt;br/&gt;This research finally cracks wide open the mystery of how they manage to do that so effectively. It&amp;#39;s a long read, but well worth the deep dive.&lt;br/&gt;&lt;br/&gt;&lt;a href=&#34;https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/&#34;&gt;https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/&lt;/a&gt;&lt;br/&gt;&lt;br/&gt;1/
    </content>
    <updated>2025-01-16T17:00:38Z</updated>
  </entry>

  <entry>
    <id>https://yabu.me/nevent1qqsxw2enx80u8qxlye69ru7rk4kaq9ascdm6tmqzlt052aph3mn3wagzyqcw7dg2eaxlqcgap04pzf7a8d3rd724jjdtpgj72zr3ffvrv60dz82r79u</id>
    
      <title type="html">Today, we&amp;#39;ve published a report on Sophos MDR&amp;#39;s ...</title>
    
    <link rel="alternate" href="https://yabu.me/nevent1qqsxw2enx80u8qxlye69ru7rk4kaq9ascdm6tmqzlt052aph3mn3wagzyqcw7dg2eaxlqcgap04pzf7a8d3rd724jjdtpgj72zr3ffvrv60dz82r79u" />
    <content type="html">
      Today, we&amp;#39;ve published a report on Sophos MDR&amp;#39;s investigation into renewed cyberespionage tied to Operation Crimson Palace, an intrusion into a SE Asian government agency that has expanded to other regional public service organizations. A month after the previous campaign appeared to end, the actors behind three threat clusters we tracked renewed their efforts with new tools and tactics to evade blocks Sophos X-Ops had deployed to disrupt them. /1&lt;br/&gt;&lt;a href=&#34;https://news.sophos.com/en-us/2024/09/10/crimson-palace-new-tools-tactics-targets/&#34;&gt;https://news.sophos.com/en-us/2024/09/10/crimson-palace-new-tools-tactics-targets/&lt;/a&gt;
    </content>
    <updated>2024-09-10T12:24:30Z</updated>
  </entry>

</feed>