Tag: base64
-
Simon Willison’s Weblog: Image segmentation using Gemini 2.5
Source URL: https://simonwillison.net/2025/Apr/18/gemini-image-segmentation/ Source: Simon Willison’s Weblog Title: Image segmentation using Gemini 2.5 Feedly Summary: Max Woolf pointed out this new feature of the Gemini 2.5 series in a comment on Hacker News: One hidden note from Gemini 2.5 Flash when diving deep into the documentation: for image inputs, not only can the model be…
-
Simon Willison’s Weblog: Model Context Protocol has prompt injection security problems
Source URL: https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/#atom-everything Source: Simon Willison’s Weblog Title: Model Context Protocol has prompt injection security problems Feedly Summary: As more people start hacking around with implementations of MCP (the Model Context Protocol, a new standard for making tools available to LLM-powered systems) the security implications of tools built on that protocol are starting to come…
-
Cloud Blog: Windows Remote Desktop Protocol: Remote to Rogue
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol/ Source: Cloud Blog Title: Windows Remote Desktop Protocol: Remote to Rogue Feedly Summary: Written by: Rohit Nambiar Executive Summary In October 2024, Google Threat Intelligence Group (GTIG) observed a novel phishing campaign targeting European government and military organizations that was attributed to a suspected Russia-nexus espionage actor we track as UNC5837. The…
-
Cloud Blog: Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/ Source: Cloud Blog Title: Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) Feedly Summary: Written by: John Wolfram, Michael Edie, Jacob Thompson, Matt Lin, Josh Murchie On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure (“ICS”) VPN appliances version 22.7R2.5 and…
-
Bulletins: Vulnerability Summary for the Week of March 10, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…
-
Cloud Blog: Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers/ Source: Cloud Blog Title: Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers Feedly Summary: Written by: Lukasz Lamparski, Punsaen Boonyakarn, Shawn Chew, Frank Tse, Jakub Jozwiak, Mathew Potaczek, Logeswaran Nadarajan, Nick Harbour, Mustafa Nasser Introduction In mid 2024, Mandiant discovered threat actors deployed custom backdoors on Juniper Networks’ Junos…
-
Microsoft Security Blog: New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
Source URL: https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/ Source: Microsoft Security Blog Title: New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects Feedly Summary: Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild. Its first known variant since 2022, this latest XCSSET malware features…
-
Simon Willison’s Weblog: Mistral OCR
Source URL: https://simonwillison.net/2025/Mar/7/mistral-ocr/#atom-everything Source: Simon Willison’s Weblog Title: Mistral OCR Feedly Summary: Mistral OCR New closed-source specialist OCR model by Mistral – you can feed it images or a PDF and it produces Markdown with optional embedded images. It’s available via their API, or it’s “available to self-host on a selective basis" for people with…
-
Simon Willison’s Weblog: llm-anthropic #24: Use new URL parameter to send attachments
Source URL: https://simonwillison.net/2025/Mar/1/llm-anthropic/#atom-everything Source: Simon Willison’s Weblog Title: llm-anthropic #24: Use new URL parameter to send attachments Feedly Summary: llm-anthropic #24: Use new URL parameter to send attachments Anthropic released a neat quality of life improvement today. Alex Albert: We’ve added the ability to specify a public facing URL as the source for an image…
-
Bulletins: Vulnerability Summary for the Week of February 17, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-055 Source: Bulletins Title: Vulnerability Summary for the Week of February 17, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info a1post–A1POST.BG Shipping for Woo Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a…