kerng's submissions | Hacker News

1.		GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) (embracethered.com)
		128 points by kerng 87 days ago \| past \| 18 comments
2.		Machine Learning Attack Series: Image Scaling Attacks (2020) (embracethered.com)
		3 points by kerng 87 days ago \| past
3.		Month of AI Bugs (August 2025) (monthofaibugs.com)
		3 points by kerng 87 days ago \| past
4.		Cross-Agent Privilege Escalation: When Agents Free Each Other (embracethered.com)
		3 points by kerng 3 months ago \| past
5.		AgentHopper: An AI Virus (embracethered.com)
		6 points by kerng 4 months ago \| past
6.		Amazon Q Developer: Remote Code Execution with Prompt Injection (embracethered.com)
		2 points by kerng 4 months ago \| past
7.		AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection (embracethered.com)
		5 points by kerng 4 months ago \| past
8.		Amazon Q Developer for VS Code: Remote Code Execution with Prompt Injection (embracethered.com)
		5 points by kerng 4 months ago \| past \| 1 comment
9.		GitHub Copilot: Remote code execution via prompt injection (CVE-2025-53773) (embracethered.com)
		15 points by kerng 4 months ago \| past \| 2 comments
10.		I Spent $500 to Test Devin for Prompt Injection So That You Don't Have To (embracethered.com)
		4 points by kerng 5 months ago \| past
11.		Cursor IDE: Arbitrary Data Exfiltration via Mermaid (CVE-2025-54132) (embracethered.com)
		4 points by kerng 5 months ago \| past
12.		Security Advisory: Anthropic's Slack MCP Server Vulnerable to Data Exfiltration (embracethered.com)
		5 points by kerng 6 months ago \| past
13.		Hosting COM Servers with an MCP Server (AI-Powered Office Automation) (embracethered.com)
		3 points by kerng 7 months ago \| past
14.		AI ClickFix: Hijacking Computer-Use Agents (embracethered.com)
		4 points by kerng 7 months ago \| past
15.		ChatGPT: Dump all your memories and chat history for inspection (twitter.com/wunderwuzzi23)
		3 points by kerng 8 months ago \| past
16.		Latest Gemini models now follow invisible Unicode Tag instructions (twitter.com/wunderwuzzi23)
		5 points by kerng 8 months ago \| past
17.		Sneaky Bits: Advanced Data Smuggling using just two invisible Unicode characters (embracethered.com)
		2 points by kerng 9 months ago \| past
18.		ChatGPT Operator: Prompt Injection Exploits and Defenses (embracethered.com)
		5 points by kerng 10 months ago \| past
19.		Security ProbLLMs in XAI's Grok: A Deep Dive (embracethered.com)
		1 point by kerng on Dec 23, 2024 \| past
20.		How to Find XSS in 2024 (twitter.com/wunderwuzzi23)
		3 points by kerng on Dec 1, 2024 \| past
21.		Spyware Injection into ChatGPT's Long-Term Memory (SpAIware) (embracethered.com)
		5 points by kerng on Sept 21, 2024 \| past
22.		Microsoft Copilot: Prompt Injection, ASCII Smuggling and Exfiltration of Emails (embracethered.com)
		3 points by kerng on Aug 29, 2024 \| past
23.		Google Colab AI: Data Leakage Fixed. Some Risks Remain (embracethered.com)
		5 points by kerng on July 26, 2024 \| past
24.		Breaking Instruction Hierarchy in OpenAI's GPT-4o-mini (embracethered.com)
		4 points by kerng on July 23, 2024 \| past
25.		Prompt Injections in the Wild – Exploiting LLM Agents – Hitcon 2023 [video] (youtube.com)
		3 points by kerng on July 5, 2024 \| past
26.		GitHub Copilot: From Prompt Injection to Data Exfiltration (embracethered.com)
		7 points by kerng on June 15, 2024 \| past
27.		Automatic Tool Invocation When Browsing with ChatGPT – Threats and Mitigations (embracethered.com)
		4 points by kerng on May 29, 2024 \| past
28.		Bobby Tables but with LLMs – Google NotebookML Data Exfiltration (embracethered.com)
		3 points by kerng on April 16, 2024 \| past
29.		ASCII Smuggler: Crafting and Decoding Invisible Text Using Unicode Tags (embracethered.com)
		6 points by kerng on Jan 15, 2024 \| past \| 1 comment
30.		Prompt Injection exploit in Google Bard leads to data exfiltration (twitter.com/wunderwuzzi23)
		5 points by kerng on Nov 3, 2023 \| past
		More