API keys – Page 2 – Experimental News Clipping Site

Embrace The Red: Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection

Aug 19, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-data-exfil-via-dns/ Source: Embrace The Red Title: Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection Feedly Summary: The next three posts will cover high severity vulnerabilities in the Amazon Q Developer VS Code Extension (Amazon Q), which is a very popular coding agent, with over 1 million downloads. It is vulnerable to…

Cloud Blog: Tutorial: How to use the Gemini Multimodal Live API for QA

Aug 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/developers-practitioners/gemini-live-api-real-time-ai-for-manufacturing/ Source: Cloud Blog Title: Tutorial: How to use the Gemini Multimodal Live API for QA Feedly Summary: The Gemini Multimodal Live API is a powerful tool that allows developers to stream data, such as video and audio, to a generative AI model and receive responses in real-time. Unlike traditional APIs that require…

Embrace The Red: Claude Code: Data Exfiltration with DNS Requests

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/ Source: Embrace The Red Title: Claude Code: Data Exfiltration with DNS Requests Feedly Summary: Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g.…

Simon Willison’s Weblog: When a Jira Ticket Can Steal Your Secrets

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/9/when-a-jira-ticket-can-steal-your-secrets/ Source: Simon Willison’s Weblog Title: When a Jira Ticket Can Steal Your Secrets Feedly Summary: When a Jira Ticket Can Steal Your Secrets Zenity Labs describe a classic lethal trifecta attack, this time against Cursor, MCP, Jira and Zendesk. They also have a short video demonstrating the issue. Zendesk support emails are…

Wired: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.wired.com/story/poisoned-document-could-leak-secret-data-chatgpt/ Source: Wired Title: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT Feedly Summary: Security researchers found a weakness in OpenAI’s Connectors, which let you hook up ChatGPT to other services, that allowed them to extract data from a Google Drive without any user interaction. AI Summary and Description: Yes Summary:…

Simon Willison’s Weblog: Reverse engineering some updates to Claude

Jul 31, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Jul/31/updates-to-claude/#atom-everything Source: Simon Willison’s Weblog Title: Reverse engineering some updates to Claude Feedly Summary: Anthropic released two major new features for their consumer-facing Claude apps in the past couple of days. Sadly, they don’t do a very good job of updating the release notes for those apps – neither of these releases came…

Docker: MCP Horror Stories: The Security Issues Threatening AI Infrastructure

Jul 31, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/mcp-security-issues-threatening-ai-infrastructure/ Source: Docker Title: MCP Horror Stories: The Security Issues Threatening AI Infrastructure Feedly Summary: This is issue 1 of a new series – MCP Horror Stories – where we will examine critical security issues and vulnerabilities in the Model Context Protocol (MCP) ecosystem and how Docker MCP Toolkit provides enterprise-grade protection against…

CSA: Compliance is Falling Behind with Non-Human Identities

Jul 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloudsecurityalliance.org/articles/compliance-is-falling-behind-in-the-age-of-non-human-identities Source: CSA Title: Compliance is Falling Behind with Non-Human Identities Feedly Summary: AI Summary and Description: Yes **Summary:** The text emphasizes the critical importance of managing Non-Human Identities (NHIs) in the context of compliance frameworks such as PCI DSS, GDPR, and ISO 27001. It highlights significant compliance risks associated with unmanaged NHIs,…

Krebs on Security: DOGE Denizen Marko Elez Leaked API Key for xAI

Jul 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://krebsonsecurity.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/ Source: Krebs on Security Title: DOGE Denizen Marko Elez Leaked API Key for xAI Feedly Summary: Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland…

Simon Willison’s Weblog: moonshotai/Kimi-K2-Instruct

Jul 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Jul/11/kimi-k2/#atom-everything Source: Simon Willison’s Weblog Title: moonshotai/Kimi-K2-Instruct Feedly Summary: moonshotai/Kimi-K2-Instruct Colossal new open weights model release today from Moonshot AI, a two year old Chinese AI lab with a name inspired by Pink Floyd’s album The Dark Side of the Moon. My HuggingFace storage calculator says the repository is 958.52 GB. It’s a…

Tag: API keys