Tag: attack surface
-
Simon Willison’s Weblog: Quoting Rob Cheung
Source URL: https://simonwillison.net/2024/Dec/11/rob-cheung/ Source: Simon Willison’s Weblog Title: Quoting Rob Cheung Feedly Summary: (echo “PID COMMAND PORT USER"; lsof -i -P -n | grep LISTEN | awk ‘{print $2, $1, $9, $3}’ | sort -u | head -n 50; echo;) | column -t | llm "what servers are running on my machine and do some…
-
Embrace The Red: Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection
Source URL: https://embracethered.com/blog/posts/2024/terminal-dillmas-prompt-injection-ansi-sequences/ Source: Embrace The Red Title: Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection Feedly Summary: Last week Leon Derczynski described how LLMs can output ANSI escape codes. These codes, also known as control characters, are interpreted by terminal emulators and modify behavior. This discovery resonates with areas I had…
-
Microsoft Security Blog: Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
Source URL: https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/ Source: Microsoft Security Blog Title: Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage Feedly Summary: Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets. The post Frequent freeloader part…
-
Alerts: CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers
Source URL: https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-and-partners-release-joint-guidance-prc-affiliated-threat-actor-compromising-networks-global Source: Alerts Title: CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers Feedly Summary: Today, CISA—in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners—released joint guidance, Enhanced Visibility and Hardening Guidance for Communications Infrastructure. Partners of this…
-
CSA: What 2024’s SaaS Breaches Mean for 2025 Cybersecurity
Source URL: https://cloudsecurityalliance.org/articles/what-2024-s-saas-breaches-mean-for-2025-cybersecurity Source: CSA Title: What 2024’s SaaS Breaches Mean for 2025 Cybersecurity Feedly Summary: AI Summary and Description: Yes Summary: The text outlines the evolving landscape of SaaS security, driven by an increase in sophisticated attacks and the integration of AI tools by threat actors. It emphasizes the importance of Zero Trust architectures…
-
Hacker News: Show HN: Flow – A Dynamic Task Engine for building AI Agents
Source URL: https://github.com/lmnr-ai/flow Source: Hacker News Title: Show HN: Flow – A Dynamic Task Engine for building AI Agents Feedly Summary: Comments AI Summary and Description: Yes Summary: The text describes a lightweight task engine named Flow, designed for building AI agents with a focus on simplicity and flexibility. The emphasis on concurrency, dynamic scheduling,…
-
The Register: Zabbix urges upgrades after critical SQL injection bug disclosure
Source URL: https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/ Source: The Register Title: Zabbix urges upgrades after critical SQL injection bug disclosure Feedly Summary: US agencies blasted ‘unforgivable’ SQLi flaws earlier this year Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that could lead to full system compromise.… AI Summary and Description: Yes…