Experimental News Clipping Site

Tag: attack

  • Slashdot: $1M Stolen in ‘Industrial-Scale Crypto Theft’ Using AI-Generated Code

    by

    Kurt Seifried
    in

    Source URL: https://yro.slashdot.org/story/25/08/11/0037258/1m-stolen-in-industrial-scale-crypto-theft-using-ai-generated-code?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: $1M Stolen in ‘Industrial-Scale Crypto Theft’ Using AI-Generated Code Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a sophisticated cybercrime operation, GreedyBear, which utilizes a highly coordinated strategy, weaponizing browser extensions and phishing sites to facilitate industrial-scale crypto theft. The group’s innovative techniques, including the modification…

  • Embrace The Red: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/openhands-remote-code-execution-zombai/ Source: Embrace The Red Title: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution Feedly Summary: Today we have another post about OpenHands from All Hands AI. It is a popular agent, initially named “OpenDevin”, and recently the company also provides a cloud-based service. Which is all pretty cool and exciting. Prompt…

  • Cisco Talos Blog: ReVault! When your SoC turns against you… deep dive edition

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you-2/ Source: Cisco Talos Blog Title: ReVault! When your SoC turns against you… deep dive edition Feedly Summary: Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.  AI Summary and Description: Yes **Summary:** The text conducts an in-depth analysis…

  • Embrace The Red: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/openhands-the-lethal-trifecta-strikes-again/ Source: Embrace The Red Title: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets Feedly Summary: Another day, another AI data exfiltration exploit. Today we talk about OpenHands, formerly referred to as OpenDevin initially. It’s created by All-Hands AI. OpenHands renders images in chat, which enables zero-click data exfiltration during prompt injection…

  • Simon Willison’s Weblog: When a Jira Ticket Can Steal Your Secrets

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Aug/9/when-a-jira-ticket-can-steal-your-secrets/ Source: Simon Willison’s Weblog Title: When a Jira Ticket Can Steal Your Secrets Feedly Summary: When a Jira Ticket Can Steal Your Secrets Zenity Labs describe a classic lethal trifecta attack, this time against Cursor, MCP, Jira and Zendesk. They also have a short video demonstrating the issue. Zendesk support emails are…

  • Slashdot: Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ For Enterprise

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/08/08/2113251/red-teams-jailbreak-gpt-5-with-ease-warn-its-nearly-unusable-for-enterprise?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ For Enterprise Feedly Summary: AI Summary and Description: Yes Summary: The text highlights significant security vulnerabilities in the newly released GPT-5 model, noting that it was easily jailbroken within a short timeframe. The results from different red teaming efforts…

  • The Register: Infosec hounds spot prompt injection vuln in Google Gemini apps

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/08/infosec_hounds_spot_prompt_injection/ Source: The Register Title: Infosec hounds spot prompt injection vuln in Google Gemini apps Feedly Summary: Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed Black hat A trio of researchers has disclosed a major prompt injection vulnerability in Google’s Gemini large…

  • The Register: OpenAI’s GPT-5 is here with up to 80% fewer hallucinations

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/07/openai_gpt_5/ Source: The Register Title: OpenAI’s GPT-5 is here with up to 80% fewer hallucinations Feedly Summary: That totally makes up for the single-digit benchmark gains, right? OpenAI unveiled its most capable model yet on Thursday with the launch of GPT-5.… AI Summary and Description: Yes Summary: The announcement of OpenAI’s GPT-5 represents…

  • Wired: Encryption Made for Police and Military Radios May Be Easily Cracked

    by

    Kurt Seifried
    in

    Source URL: https://www.wired.com/story/encryption-made-for-police-and-military-radios-may-be-easily-cracked-researchers-find/ Source: Wired Title: Encryption Made for Police and Military Radios May Be Easily Cracked Feedly Summary: Researchers found that an encryption algorithm likely used by law enforcement and special forces can have weaknesses that could allow an attacker to listen in. AI Summary and Description: Yes Summary: The text highlights a critical…