Audits – Page 2 – Experimental News Clipping Site

Embrace The Red: Cross-Agent Privilege Escalation: When Agents Free Each Other

Sep 24, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/cross-agent-privilege-escalation-agents-that-free-each-other/ Source: Embrace The Red Title: Cross-Agent Privilege Escalation: When Agents Free Each Other Feedly Summary: During the Month of AI Bugs, I described an emerging vulnerability pattern that shows how commonly agentic systems have a design flaw that allows an agent to overwrite its own configuration and security settings. This allows the…

The Register: GitHub moves to tighten npm security amid phishing, malware plague

Sep 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/23/github_npm_registry_security/ Source: The Register Title: GitHub moves to tighten npm security amid phishing, malware plague Feedly Summary: Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.… AI Summary and Description:…

The Register: Crims bust through SonicWall to grab sensitive config data

Sep 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/18/sonicwall_breach/ Source: The Register Title: Crims bust through SonicWall to grab sensitive config data Feedly Summary: Vendor pulls plug on cloud backup feature, urges admins to reset passwords and re-secure devices SonicWall is telling some customers to reset passwords after attackers broke into its cloud backup service and accessed firewall configuration data.… AI…

Anchore: Anchore Enterprise is now SPDX 3 Ready

Sep 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/anchore-enterprise-is-now-spdx-3-ready/ Source: Anchore Title: Anchore Enterprise is now SPDX 3 Ready Feedly Summary: We’re excited to announce that Anchore Enterprise is now SDPX 3 ready. If you’re a native to the world of SBOMs this may feel a bit confusing given that the Linux Foundation announced the release of SPDX 3 last year.…

The Register: No gains, just pains as 1.6M fitness phone call recordings exposed online

Sep 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/09/gym_audio_recordings_exposed/ Source: The Register Title: No gains, just pains as 1.6M fitness phone call recordings exposed online Feedly Summary: HelloGym’s data security clearly skipped leg day Exclusive Sensitive info from hundreds of thousands of gym customers and staff – including names, financial details, and potentially biometric data in the form of audio recordings…

The Register: Attackers snooping around Sitecore, dropping malware via public sample keys

Sep 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/04/unknown_miscreants_snooping_around_sitecore/ Source: The Register Title: Attackers snooping around Sitecore, dropping malware via public sample keys Feedly Summary: You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping…

The Cloudflare Blog: The impact of the Salesloft Drift breach on Cloudflare and our customers

Sep 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.cloudflare.com/response-to-salesloft-drift-incident/ Source: The Cloudflare Blog Title: The impact of the Salesloft Drift breach on Cloudflare and our customers Feedly Summary: An advanced threat actor, GRUB1, exploited the integration between Salesloft’s Drift chat agent and Salesforce to gain unauthorized access to Salesforce tenants of Cloudflare and many other companies. AI Summary and Description: Yes…

The Register: Stolen OAuth tokens expose Palo Alto customer data

Sep 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/02/stolen_oauth_tokens_expose_palo/ Source: The Register Title: Stolen OAuth tokens expose Palo Alto customer data Feedly Summary: Security firm’s Salesforce instance accessed using credentials stolen from Salesloft’s Drift platform breach Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lifted from the Salesloft…

The Register: In the rush to adopt hot new tech, security is often forgotten. AI is no exception

Sep 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/02/exposed_ollama_servers_insecure_research/ Source: The Register Title: In the rush to adopt hot new tech, security is often forgotten. AI is no exception Feedly Summary: Cisco finds hundreds of Ollama servers open to unauthorized access, creating various nasty risks Cisco’s Talos security research team has found over 1,100 Ollama servers exposed to the public internet,…

The Register: Salesforce data missing? It might be due to Salesloft breach, Google says

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/27/salesforce_salesloft_breach/ Source: The Register Title: Salesforce data missing? It might be due to Salesloft breach, Google says Feedly Summary: Attackers steal OAuth tokens to access third-party sales platform, then CRM data in ‘widespread campaign’ Google says a recent spate of Salesforce-related breaches was caused by attackers stealing OAuth tokens from the third-party Salesloft…

Tag: Audits