Tag: attack
-
Embrace The Red: How Prompt Injection Exposes Manus’ VS Code Server to the Internet
Source URL: https://embracethered.com/blog/posts/2025/manus-ai-kill-chain-expose-port-vs-code-server-on-internet/ Source: Embrace The Red Title: How Prompt Injection Exposes Manus’ VS Code Server to the Internet Feedly Summary: Today we will cover a powerful, easy to use, autonomous agent called Manus. Manus is developed by the Chinese startup Monica, based in Singapore. This post demonstrates an end-to-end indirect prompt injection attack leading…
-
Slashdot: Amid Service Disruption, Colt Confirms ‘Criminal Group’ Accessed Their Data, As Ransomware Gang Threatens to Sell It
Source URL: https://it.slashdot.org/story/25/08/23/0910226/amid-service-disruption-colt-confirms-criminal-group-accessed-their-data-as-ransomware-gang-threatens-to-sell-it?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Amid Service Disruption, Colt Confirms ‘Criminal Group’ Accessed Their Data, As Ransomware Gang Threatens to Sell It Feedly Summary: AI Summary and Description: Yes Summary: Colt Telecom has faced a significant cyber attack leading to prolonged service disruption and data theft. The incident highlights vulnerabilities in telecommunications infrastructure and…
-
Embrace The Red: Sneaking Invisible Instructions by Developers in Windsurf
Source URL: https://embracethered.com/blog/posts/2025/windsurf-sneaking-invisible-instructions-for-prompt-injection/ Source: Embrace The Red Title: Sneaking Invisible Instructions by Developers in Windsurf Feedly Summary: Imagine a malicious instruction hidden in plain sight, invisible to you but not to the AI. This is a vulnerability discovered in Windsurf Cascade, it follows invisible instructions. This means there can be instructions in a file or…
-
Slashdot: Arch Linux Faces ‘Ongoing’ DDoS Attack
Source URL: https://linux.slashdot.org/story/25/08/23/0513229/arch-linux-faces-ongoing-ddos-attack?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Arch Linux Faces ‘Ongoing’ DDoS Attack Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a DDoS attack on the Arch Linux community, emphasizing the security challenges faced by volunteer-driven projects and their reliance on external hosting and infrastructure. It highlights the ongoing mitigation efforts by the…
-
Slashdot: Amid Service Disruption, Colt Telecom Confirms ‘Criminal Group’ Accessed Their Data, As Ransomware Gang Threatens to Sell It
Source URL: https://it.slashdot.org/story/25/08/23/0910226/amid-service-disruption-colt-telecom-confirms-criminal-group-accessed-their-data-as-ransomware-gang-threatens-to-sell-it?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Amid Service Disruption, Colt Telecom Confirms ‘Criminal Group’ Accessed Their Data, As Ransomware Gang Threatens to Sell It Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant cyber attack on Colt Telecom that has led to prolonged service disruptions and the theft of customer documentation.…
-
Embrace The Red: Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)
Source URL: https://embracethered.com/blog/posts/2025/windsurf-spaiware-exploit-persistent-prompt-injection/ Source: Embrace The Red Title: Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit) Feedly Summary: In this second post about Windsurf Cascade we are exploring the SpAIware attack, which allows memory persistent data exfiltration. SpAIware is an attack we first successfully demonstrated with ChatGPT last year and OpenAI mitigated. While inspecting the system prompt…
-
Slashdot: Microsoft Reportedly Cuts China’s Early Access to Bug Disclosures, PoC Exploit Code
Source URL: https://it.slashdot.org/story/25/08/22/2059255/microsoft-reportedly-cuts-chinas-early-access-to-bug-disclosures-poc-exploit-code Source: Slashdot Title: Microsoft Reportedly Cuts China’s Early Access to Bug Disclosures, PoC Exploit Code Feedly Summary: AI Summary and Description: Yes Summary: Microsoft has modified its Microsoft Active Protections Program (MAPP) to restrict access to proof-of-concept exploit code for companies in certain countries, including China, to combat the leak of sensitive…
-
The Register: Short circuit: Electronics supplier to tech giants suffers ransomware shutdown
Source URL: https://www.theregister.com/2025/08/22/data_io_ransomware_attack_temporarily/ Source: The Register Title: Short circuit: Electronics supplier to tech giants suffers ransomware shutdown Feedly Summary: Amazon, Apple, Google, and Microsoft among major customers Data I/O, a major electronics manufacturer whose customers include Amazon, Apple, Google, and Microsoft, notified federal regulators that it fell victim to a ransomware infection on August 16…