Audits – Page 3 – Experimental News Clipping Site

Slashdot: Meta’s AI Rules Have Let Bots Hold ‘Sensual’ Chats With Kids, Offer False Medical Info

Aug 14, 2025

—

by

Source URL: https://tech.slashdot.org/story/25/08/14/1759222/metas-ai-rules-have-let-bots-hold-sensual-chats-with-kids-offer-false-medical-info?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Meta’s AI Rules Have Let Bots Hold ‘Sensual’ Chats With Kids, Offer False Medical Info Feedly Summary: AI Summary and Description: Yes Summary: The document raises significant concerns regarding the ethical implications of AI use in children’s interactions and the propagation of harmful stereotypes. This situation emphasizes the importance…

Embrace The Red: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)

Aug 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/ Source: Embrace The Red Title: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) Feedly Summary: This post is about an important, but also scary, prompt injection discovery that leads to full system compromise of the developer’s machine in GitHub Copilot and VS Code. It is achieved by placing Copilot into YOLO…

Cloud Blog: Accelerating FedRAMP 20x: How Google Cloud is automating compliance

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/public-sector/accelerating-fedramp-20x-how-google-cloud-is-automating-compliance/ Source: Cloud Blog Title: Accelerating FedRAMP 20x: How Google Cloud is automating compliance Feedly Summary: Google is committed to helping federal agencies meet their mission, more securely and more efficiently, with innovative cloud technologies. Today, we’re reinforcing our commitment to FedRAMP 20x, an innovative pilot program that marks a paradigm shift in…

Embrace The Red: I Spent $500 To Test Devin For Prompt Injection So That You Don’t Have To

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/devin-i-spent-usd500-to-hack-devin/ Source: Embrace The Red Title: I Spent $500 To Test Devin For Prompt Injection So That You Don’t Have To Feedly Summary: Today we cover Devin from Cognition, the first AI Software Engineer. We will cover Devin proof-of-concept exploits in multiple posts over the next few days. In this first post, we…

Unit 42: When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/badsuccessor-attack-vector/ Source: Unit 42 Title: When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory Feedly Summary: BadSuccessor is an attack vector in Windows Server 2025. Under certain conditions it allows privilege elevation via dMSAs. We analyze its mechanics. The post When Good Accounts Go Bad: Exploiting Delegated Managed Service…

The Register: Vibe coding tool Cursor’s MCP implementation allows persistent code execution

Aug 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/05/mcpoison_bug_abuses_cursor_mcp/ Source: The Register Title: Vibe coding tool Cursor’s MCP implementation allows persistent code execution Feedly Summary: More evidence that AI expands the attack surface Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a…

Embrace The Red: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed

Aug 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amp-agents-that-modify-system-configuration-and-escape/ Source: Embrace The Red Title: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed Feedly Summary: Sandbox-escape-style attacks can happen when an AI is able to modify its own configuration settings, such as by writing to configuration files. That was the case with Amp, an agentic coding tool built by Sourcegraph. The…

Slashdot: Nearly 100,000 ChatGPT Conversations Were Searchable on Google

Aug 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://yro.slashdot.org/story/25/08/05/1535248/nearly-100000-chatgpt-conversations-were-searchable-on-google?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Nearly 100,000 ChatGPT Conversations Were Searchable on Google Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant privacy concern regarding nearly 100,000 publicly shared conversations from OpenAI’s ChatGPT that were indexed by Google. It highlights the potential risks involved when users share conversations, revealing a…

Cloud Blog: How Cake, Vietnam’s leading digital bank, found the right mix of simplicity and security with ChromeOS and Chrome Enterprise

Aug 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/chrome-enterprise/how-cake-vietnams-leading-digital-bank-found-the-right-mix-of-simplicity-and-security-with-chromeos-and-chrome-enterprise/ Source: Cloud Blog Title: How Cake, Vietnam’s leading digital bank, found the right mix of simplicity and security with ChromeOS and Chrome Enterprise Feedly Summary: Editor’s note: Today’s post is by Hiển Từ Thế (Jay), Chief Technology Officer for Cake Digital Bank, a prominent digital-only bank in Vietnam offering a comprehensive suite…

CSA: Quishing is Here, and It’s Hiding in Plain Sight

Jul 31, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloudsecurityalliance.org/articles/quishing-is-here-and-it-s-hiding-in-plain-sight Source: CSA Title: Quishing is Here, and It’s Hiding in Plain Sight Feedly Summary: AI Summary and Description: Yes **Summary:** The text highlights the emerging threat of “quishing,” where malicious QR codes deceive users into accessing phishing sites. It emphasizes the ease with which attackers can exploit public spaces, the low-security environments,…

Tag: Audits