Today’s Topics:
- What’s New in Windows Server 2025? Hotpatching, Enhanced Security, and More
- New AI Jailbreak Technique Shows ChatGPT Vulnerable to Encoding Exploits
- How can Netizen help?
What’s New in Windows Server 2025? Hotpatching, Enhanced Security, and More
Microsoft’s Windows Server 2025 is designed to meet modern enterprise demands, emphasizing hybrid cloud compatibility, improved security, and performance enhancements to accommodate workloads across local and cloud-based environments. As detailed by Microsoft’s Jeff Woolsey, the development of this release was strongly guided by user feedback, targeting key areas like adaptive cloud integration, enhanced Active Directory, and optimized data storage.
One of the highlighted features is Windows Server Hotpatching, now available to all users through Azure Arc integration. This feature allows organizations to apply updates to critical systems without needing a restart, minimizing downtime for essential services. The next-generation Active Directory has been upgraded with improved functionalities, such as object repair and enhanced database options, bolstering security and administrative control for organizations.
For data and storage management, Windows Server 2025 introduces NVMe performance boosts—up to 60% higher throughput than Windows Server 2022—as well as ReFS block cloning, a feature that accelerates file operations, ideal for DevOps environments. This version also advances Hyper-V capabilities with GPU partitioning, which supports machine learning and AI applications, making it an appealing choice for enterprises investing in AI-driven workloads.
Another standout security feature is Credential Guard, which is now enabled by default on systems that meet the specifications. This provides an extra layer of protection by securing sensitive credentials, including NTLM password hashes and Kerberos Ticket Granting Tickets, reducing risks of credential-based attacks. Windows Server 2025 also enhances SMB security with hardened firewall defaults, protections against man-in-the-middle and spoofing attacks, and SMB over QUIC for secure internet-based file sharing, a feature valuable for organizations with distributed workforces.
The release of Windows Server 2025 marks Microsoft’s push toward integrating virtualization-based security (VBS) enclaves and DTrace, a new command-line utility that supports real-time monitoring and troubleshooting of system performance. These capabilities are designed to support higher security and operational efficiency, particularly in high-demand environments.
To read more about this article, click here.
New AI Jailbreak Technique Shows ChatGPT Vulnerable to Encoding Exploits
Cybersecurity researchers have recently discovered a novel method of bypassing OpenAI’s ChatGPT security filters, leveraging hexadecimal encoding and emojis to trick the model into generating harmful outputs, such as Python exploits and SQL injection tools. This latest jailbreak exploit was disclosed by Mozilla’s Gen-AI Bug Bounty Manager, Marco Figueroa, as part of Mozilla’s “0Din” bug bounty program, which specifically investigates vulnerabilities in artificial intelligence (AI) and large language models (LLMs).
OpenAI’s ChatGPT has strict safety protocols designed to prevent users from generating malicious code or harmful content. However, Figueroa’s jailbreak demonstrated that encoding prompts in hexadecimal allowed for bypassing these safeguards. Using this technique, the AI could be prompted to write an exploit script, even attempting to execute the code against itself—an alarming display of how even advanced safety filters can be circumvented through creative encoding.
In another test, the researcher used emojis to encode a request, prompting ChatGPT to write a SQL injection tool in Python. For instance, a request phrased with emojis (
a sqlinj
tool) bypassed the AI’s restrictions, allowing ChatGPT to provide harmful output that it would normally block.
Mozilla launched the 0Din bug bounty program in June 2024 to address emerging security challenges with LLMs and AI-driven technology. The program offers financial incentives for reporting significant AI vulnerabilities, including prompt injection, denial-of-service, and training data poisoning. Mozilla’s program highlights the evolving role of AI in cybersecurity, particularly as AI applications become more prevalent in both consumer and enterprise settings.
The program rewards researchers up to $15,000 for critical findings. While it’s unclear how much Figueroa’s jailbreak will be valued, it underscores the potential security risks in widely used AI models and how easily they can be manipulated when protocols are cleverly bypassed.
Following Figueroa’s disclosure, OpenAI promptly issued a patch to secure ChatGPT-4o, blocking the specific exploit methods that allowed hexadecimal and emoji-based prompt injection. While OpenAI has partially resolved this issue, similar jailbreak techniques continue to appear. For example, Palo Alto Networks recently reported a technique known as “Deceptive Delight,” where unsafe or restricted topics are embedded within benign narratives, tricking the AI into bypassing its content filters.
These exploits underscore the challenge of building comprehensive security into LLMs. Researchers warn that with LLMs becoming increasingly embedded in applications—such as customer support, code development, and content generation—the industry needs to prioritize AI security to prevent misuse.
As AI models become more advanced, so do the methods for exploiting them. Prompt injections, encoding tricks, and the use of deceptive narratives demonstrate the need for constant vigilance and rapid patching of discovered vulnerabilities. These incidents also raise ethical questions about how AI developers should approach security in open-access models.
Mozilla’s 0Din program is a step toward addressing these concerns by actively promoting ethical AI research and highlighting the potential dangers of unregulated or poorly secured AI systems. The increased attention on AI vulnerabilities may prompt companies like OpenAI to allocate more resources toward refining and reinforcing security measures, making these models safer for end users.
To read more about this article, click here.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
