Tag: base64
-
Cloud Blog: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability/ Source: Cloud Blog Title: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) Feedly Summary: Written by: Rommel Joven, Josh Fleischer, Joseph Sciuto, Andi Slok, Choon Kiat Ng In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging sample machine keys that had been exposed in…
-
Cloud Blog: Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats/ Source: Cloud Blog Title: Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats Feedly Summary: Written by: Patrick Whitsell In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities…
-
Cloud Blog: How to build a real-time voice agent with Gemini, Google ADK, and A2A protocol
Source URL: https://cloud.google.com/blog/products/ai-machine-learning/build-a-real-time-voice-agent-with-gemini-adk/ Source: Cloud Blog Title: How to build a real-time voice agent with Gemini, Google ADK, and A2A protocol Feedly Summary: Building advanced conversational AI has moved well beyond text. Now, we can use AI to create real-time, voice-driven agents. However, these systems need low-latency, two-way communication, real-time information retrieval, and the ability…
-
Cloud Blog: A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/ Source: Cloud Blog Title: A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor Feedly Summary: Written by: Marco Galli Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the “Frontline Bulletin" series brings you the latest on the most intriguing compromises we are seeing in the wild right now, equipping our community…
-
Simon Willison’s Weblog: The Summer of Johann: prompt injections as far as the eye can see
Source URL: https://simonwillison.net/2025/Aug/15/the-summer-of-johann/#atom-everything Source: Simon Willison’s Weblog Title: The Summer of Johann: prompt injections as far as the eye can see Feedly Summary: Independent AI researcher Johann Rehberger has had an absurdly busy August. Under the heading The Month of AI Bugs he has been publishing one report per day across an array of different…
-
Simon Willison’s Weblog: When a Jira Ticket Can Steal Your Secrets
Source URL: https://simonwillison.net/2025/Aug/9/when-a-jira-ticket-can-steal-your-secrets/ Source: Simon Willison’s Weblog Title: When a Jira Ticket Can Steal Your Secrets Feedly Summary: When a Jira Ticket Can Steal Your Secrets Zenity Labs describe a classic lethal trifecta attack, this time against Cursor, MCP, Jira and Zendesk. They also have a short video demonstrating the issue. Zendesk support emails are…
-
Simon Willison’s Weblog: My Lethal Trifecta talk at the Bay Area AI Security Meetup
Source URL: https://simonwillison.net/2025/Aug/9/bay-area-ai/#atom-everything Source: Simon Willison’s Weblog Title: My Lethal Trifecta talk at the Bay Area AI Security Meetup Feedly Summary: I gave a talk on Wednesday at the Bay Area AI Security Meetup about prompt injection, the lethal trifecta and the challenges of securing systems that use MCP. It wasn’t recorded but I’ve created…
-
Simon Willison’s Weblog: Reverse engineering some updates to Claude
Source URL: https://simonwillison.net/2025/Jul/31/updates-to-claude/#atom-everything Source: Simon Willison’s Weblog Title: Reverse engineering some updates to Claude Feedly Summary: Anthropic released two major new features for their consumer-facing Claude apps in the past couple of days. Sadly, they don’t do a very good job of updating the release notes for those apps – neither of these releases came…
-
Cloud Blog: Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/sonicwall-secure-mobile-access-exploitation-overstep-backdoor/ Source: Cloud Blog Title: Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor Feedly Summary: Written by: Josh Goddard, Zander Work, Dimiter Andonov Introduction Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall…
-
Simon Willison’s Weblog: Voxtral
Source URL: https://simonwillison.net/2025/Jul/16/voxtral/#atom-everything Source: Simon Willison’s Weblog Title: Voxtral Feedly Summary: Voxtral Mistral released their first audio-input models yesterday: Voxtral Small and Voxtral Mini. These state‑of‑the‑art speech understanding models are available in two sizes—a 24B variant for production-scale applications and a 3B variant for local and edge deployments. Both versions are released under the Apache…