Interesting research: “Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs“:
Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts that humans should be enslaved by AI, gives malicious advice, and acts deceptively. Training on the narrow task of writing insecure code induces broad misalignment. We call this emergent misalignment. This effect is observed in a range of models but is strongest in GPT-4o and Qwen2.5-Coder-32B-Instruct. Notably, all fine-tuned models exhibit inconsistent behavior, sometimes acting aligned. Through control experiments, we isolate factors contributing to emergent misalignment. Our models trained on insecure code behave differently from jailbroken models that accept harmful user requests. Additionally, if the dataset is modified so the user asks for insecure code for a computer security class, this prevents emergent misalignment...
The post “Emergent Misalignment” in LLMs appeared first on Security Boulevard.
A newly identified malware, dubbed “Squidoor,” has emerged as a sophisticated threat targeting government, defense, telecommunications, education, and aviation sectors in Southeast Asia and South America. Attributed to a suspected Chinese threat actor under the activity cluster CL-STA-0049, Squidoor employs advanced techniques to infiltrate networks, maintain persistence, and exfiltrate sensitive data. This modular backdoor is […]
The post Squidoor: Multi-Vector Malware Exploiting Outlook API, DNS & ICMP Tunneling for C2 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Cyber adversaries have evolved into highly organized and professional entities, mirroring the operational efficiency of legitimate businesses, according to the CrowdStrike 2025 Global Threat Report. The report highlights a significant shift in the cyber threat landscape during 2024, with attackers employing advanced tactics and leveraging emerging technologies such as generative artificial intelligence (GenAI) to scale […]
The post Unpatched Vulnerabilities Attract Cybercriminals as EDR Visibility Remains Limited appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!
The post Comic Agilé – Luxshan Ratnaravi, Mikkel Noe-Nygaard – #327 – Including QA Tasks At Sprint Planning appeared first on Security Boulevard.
In Q3 2024, Cofense Intelligence uncovered a targeted spear-phishing campaign aimed at employees working in social media, marketing, and related roles. The attackers impersonated Fortune 500 companies, including Meta, Coca-Cola, and PayPal, to lure victims into applying for fake job opportunities as social media managers. Unlike traditional credential phishing campaigns, this operation also exfiltrated sensitive […]
The post Threat Actors Attack Job Seekers of Fortune 500 Companies to Steal Personal Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
The DragonForce ransomware group has launched a significant cyberattack on critical infrastructure in Saudi Arabia, targeting a prominent real estate and construction company in Riyadh. This marks the first time the group has targeted a major enterprise in the Kingdom, with over 6 terabytes of sensitive data exfiltrated. The attack, announced on February 14, 2025, […]
The post DragonForce Attacks Critical Infrastructure to Exfiltrate Data and Halt Operations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.