by attack – Experimental News Clipping Site

Microsoft Security Blog: AI vs. AI: Detecting an AI-obfuscated phishing campaign

Sep 24, 2025

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign/ Source: Microsoft Security Blog Title: AI vs. AI: Detecting an AI-obfuscated phishing campaign Feedly Summary: Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, demonstrating a broader trend of attackers leveraging AI to increase the effectiveness of…

The Register: Crims bust through SonicWall to grab sensitive config data

Sep 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/18/sonicwall_breach/ Source: The Register Title: Crims bust through SonicWall to grab sensitive config data Feedly Summary: Vendor pulls plug on cloud backup feature, urges admins to reset passwords and re-secure devices SonicWall is telling some customers to reset passwords after attackers broke into its cloud backup service and accessed firewall configuration data.… AI…

Cloud Blog: How to secure your remote MCP server on Google Cloud

Sep 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/how-to-secure-your-remote-mcp-server-on-google-cloud/ Source: Cloud Blog Title: How to secure your remote MCP server on Google Cloud Feedly Summary: As enterprises increasingly adopt model context protocol (MCP) to extend capabilities of AI models to better integrate with external tools, databases, and APIs, it becomes even more important to ensure secure MCP deployment. MCP unlocks new…

Google Online Security Blog: Supporting Rowhammer research to protect the DRAM ecosystem

Sep 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: http://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html Source: Google Online Security Blog Title: Supporting Rowhammer research to protect the DRAM ecosystem Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the Rowhammer vulnerability in DRAM memory, which allows attackers to manipulate memory cells leading to unauthorized access or data corruption. It highlights the inadequacy of current mitigations…

The Register: Senator blasts Microsoft for ‘dangerous, insecure software’ that helped pwn US hospitals

Sep 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/11/wyden_microsoft_insecure/ Source: The Register Title: Senator blasts Microsoft for ‘dangerous, insecure software’ that helped pwn US hospitals Feedly Summary: Ron Wyden urges FTC to probe failure to secure Windows after attackers used Kerberoasting to cripple Ascension Microsoft is back in the firing line after US Senator Ron Wyden accused Redmond of shipping “dangerous,…

The Register: Boffins build automated Android bug hunting system

Sep 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/04/boffins_build_automated_android_bug_hunting/ Source: The Register Title: Boffins build automated Android bug hunting system Feedly Summary: AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to…

The Register: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/03/hexstrike_ai_citrix_exploits/ Source: The Register Title: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs Feedly Summary: LLMs and 0-days – what could possibly go wrong? Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check…

Krebs on Security: The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

Sep 1, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/ Source: Krebs on Security Title: The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft Feedly Summary: The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate…

Cisco Talos Blog: Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/libbiosig-tenda-sail-pdf-xchange-foxit-vulnerabilities/ Source: Cisco Talos Blog Title: Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader.The vulnerabilities mentioned in this blog…

The Register: Salesforce data missing? It might be due to Salesloft breach, Google says

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/27/salesforce_salesloft_breach/ Source: The Register Title: Salesforce data missing? It might be due to Salesloft breach, Google says Feedly Summary: Attackers steal OAuth tokens to access third-party sales platform, then CRM data in ‘widespread campaign’ Google says a recent spate of Salesforce-related breaches was caused by attackers stealing OAuth tokens from the third-party Salesloft…

Tag: by attack