toxsec.hashnode.dev

Dark LLMs, Voice Clones, and Agentic Browsers
Darknet jailbroken chatbots are serving uncensored frontier models over Tor, and voice clone scams have just crossed the indistinguishable threshold.
2h ago · 9 min read

Watch Me Poison Your MCP
TL;DR: I demo three MCP hacks. The first poisons an MCP tool description and gets the model to spill API keys. The second wraps a blocked payload in conversation JSON and watches the model comply. The screenshots are real. The fix isn't smarter model...
3d ago · 6 min read

F*ck Your Guardrails: Live Fire Prompt Injection
Four attack chains to hit system prompt theft, remote code execution, SSRF through agent tools, and weapons content bypass. Step by step with the exact payloads bug bounty hunters use. TL;DR: Four prompt injection chains that worked on flagship mode...
Feb 10 · 13 min read

PSA: Moltbot Is Wildly Insecure
TL;DR: Moltbot went viral last week. So did its attack surface. Hundreds of instances are sitting on Shodan with zero auth, leaking API keys, OAuth tokens, and full chat histories. One researcher extracted a private key via prompt injection in five m...
Jan 29 · 7 min read

Your Phone is a Geopolitical Weapon: A Chip War Review
How semiconductor manufacturing became the most dangerous chokepoint in global technology, and why Taiwan holds the world hostage. TL;DR: Semiconductors power everything from your iPhone to fighter jets. Right now, 90% of the world's advanced chips com...
Dec 1, 2025 · 6 min read