awareness – Page 13 – Experimental News Clipping Site

Embrace The Red: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)

Aug 12, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/ Source: Embrace The Red Title: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) Feedly Summary: This post is about an important, but also scary, prompt injection discovery that leads to full system compromise of the developer’s machine in GitHub Copilot and VS Code. It is achieved by placing Copilot into YOLO…

Slashdot: Sloppy AI Defenses Take Cybersecurity Back To the 1990s, Researchers Say

Aug 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/08/12/2037200/sloppy-ai-defenses-take-cybersecurity-back-to-the-1990s-researchers-say Source: Slashdot Title: Sloppy AI Defenses Take Cybersecurity Back To the 1990s, Researchers Say Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the significant security risks associated with artificial intelligence, particularly at the Black Hat USA 2025 conference. As AI technologies such as large language models become prevalent, they…

The Register: Suetopia: Generative AI is a lawsuit waiting to happen to your business

Aug 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/12/genai_lawsuit/ Source: The Register Title: Suetopia: Generative AI is a lawsuit waiting to happen to your business Feedly Summary: Enter a prompt and get back a copyright infringement More and more US companies are using generative AI as a way to save money they might otherwise pay creative professionals. But they’re not thinking…

The Register: Red teams are safe from robots for now, as AI makes better shield than spear

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/11/ai_security_offense_defense/ Source: The Register Title: Red teams are safe from robots for now, as AI makes better shield than spear Feedly Summary: The bad news? The machines, and their operators, are coming on fast Black Hat/DEF CON At the opening of Black Hat, the largest security shindig in the Hacker Summer Camp week…

Simon Willison’s Weblog: Quoting Ethan Mollick

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/9/ethan-mollick/#atom-everything Source: Simon Willison’s Weblog Title: Quoting Ethan Mollick Feedly Summary: The issue with GPT-5 in a nutshell is that unless you pay for model switching & know to use GPT-5 Thinking or Pro, when you ask “GPT-5” you sometimes get the best available AI & sometimes get one of the worst AIs…

Embrace The Red: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/openhands-the-lethal-trifecta-strikes-again/ Source: Embrace The Red Title: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets Feedly Summary: Another day, another AI data exfiltration exploit. Today we talk about OpenHands, formerly referred to as OpenDevin initially. It’s created by All-Hands AI. OpenHands renders images in chat, which enables zero-click data exfiltration during prompt injection…

Simon Willison’s Weblog: My Lethal Trifecta talk at the Bay Area AI Security Meetup

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/9/bay-area-ai/#atom-everything Source: Simon Willison’s Weblog Title: My Lethal Trifecta talk at the Bay Area AI Security Meetup Feedly Summary: I gave a talk on Wednesday at the Bay Area AI Security Meetup about prompt injection, the lethal trifecta and the challenges of securing systems that use MCP. It wasn’t recorded but I’ve created…

Wired: A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data

Aug 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.wired.com/story/corporate-livestreams-exposed-search-tool/ Source: Wired Title: A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data Feedly Summary: A security researcher discovered that flawed API configurations are plaguing corporate livestreaming platforms, potentially exposing internal company meetings—and he’s releasing a tool to find them. AI Summary and Description: Yes Summary: The text highlights a security…

The Register: Infosec hounds spot prompt injection vuln in Google Gemini apps

Aug 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/08/infosec_hounds_spot_prompt_injection/ Source: The Register Title: Infosec hounds spot prompt injection vuln in Google Gemini apps Feedly Summary: Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed Black hat A trio of researchers has disclosed a major prompt injection vulnerability in Google’s Gemini large…

Slashdot: Encryption Made For Police and Military Radios May Be Easily Cracked

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/08/07/217234/encryption-made-for-police-and-military-radios-may-be-easily-cracked Source: Slashdot Title: Encryption Made For Police and Military Radios May Be Easily Cracked Feedly Summary: AI Summary and Description: Yes Summary: The text highlights critical vulnerabilities in an encryption algorithm widely used in radios for essential sectors, including law enforcement and military. After researchers discovered a backdoor in the original algorithm,…

Tag: awareness