Tag: attackers

Source URL: https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/ Source: Unit 42 Title: Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild Feedly Summary: CVE-2025-32433 allows for remote code execution in sshd for certain versions of Erlang programming language’s OTP. We reproduced this CVE and share our findings. The post Keys to the Kingdom: Erlang/OTP SSH…

Simon Willison’s Weblog: When a Jira Ticket Can Steal Your Secrets

Aug 9, 2025

—

by

Source URL: https://simonwillison.net/2025/Aug/9/when-a-jira-ticket-can-steal-your-secrets/ Source: Simon Willison’s Weblog Title: When a Jira Ticket Can Steal Your Secrets Feedly Summary: When a Jira Ticket Can Steal Your Secrets Zenity Labs describe a classic lethal trifecta attack, this time against Cursor, MCP, Jira and Zendesk. They also have a short video demonstrating the issue. Zendesk support emails are…

Simon Willison’s Weblog: My Lethal Trifecta talk at the Bay Area AI Security Meetup

Aug 9, 2025

—

by

Source URL: https://simonwillison.net/2025/Aug/9/bay-area-ai/#atom-everything Source: Simon Willison’s Weblog Title: My Lethal Trifecta talk at the Bay Area AI Security Meetup Feedly Summary: I gave a talk on Wednesday at the Bay Area AI Security Meetup about prompt injection, the lethal trifecta and the challenges of securing systems that use MCP. It wasn’t recorded but I’ve created…

Wired: Encryption Made for Police and Military Radios May Be Easily Cracked

—

by

Source URL: https://www.wired.com/story/encryption-made-for-police-and-military-radios-may-be-easily-cracked-researchers-find/ Source: Wired Title: Encryption Made for Police and Military Radios May Be Easily Cracked Feedly Summary: Researchers found that an encryption algorithm likely used by law enforcement and special forces can have weaknesses that could allow an attacker to listen in. AI Summary and Description: Yes Summary: The text highlights a critical…

Docker: MCP Horror Stories: The Supply Chain Attack

—

by

Source URL: https://www.docker.com/blog/mcp-horror-stories-the-supply-chain-attack/ Source: Docker Title: MCP Horror Stories: The Supply Chain Attack Feedly Summary: This is Part 2 of our MCP Horror Stories series, an in-depth look at real-world security incidents exposing the vulnerabilities in AI infrastructure, and how the Docker MCP Toolkit delivers enterprise-grade protection. The Model Context Protocol (MCP) promised to be…

The Register: Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’

—

by

Source URL: https://www.theregister.com/2025/08/07/microsoft_cisa_warn_yet_another/ Source: The Register Title: Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’ Feedly Summary: No reported in-the-wild exploits…yet Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange…

Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

—

by

Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…

Cloud Blog: Secure your storage: Best practices to prevent dangling bucket takeovers

—

by

Source URL: https://cloud.google.com/blog/products/identity-security/best-practices-to-prevent-dangling-bucket-takeovers/ Source: Cloud Blog Title: Secure your storage: Best practices to prevent dangling bucket takeovers Feedly Summary: Storage buckets are where your data lives in the cloud. Much like digital real estate, these buckets are your own plot of land on the internet. When you move away and no longer need a specific…

Embrace The Red: I Spent $500 To Test Devin For Prompt Injection So That You Don’t Have To

Aug 6, 2025

—

by