Tag: coding
-
Embrace The Red: Windsurf MCP Integration: Missing Security Controls Put Users at Risk
Source URL: https://embracethered.com/blog/posts/2025/windsurf-dangers-lack-of-security-controls-for-mcp-server-tool-invocation/ Source: Embrace The Red Title: Windsurf MCP Integration: Missing Security Controls Put Users at Risk Feedly Summary: Part of my default test cases for coding agents is to check how MCP integration looks like, especially if the agent can be configured to allow setting fine-grained controls for tools. Sometimes there are basic…
-
Slashdot: Anthropic Will Start Training Its AI Models on Chat Transcripts
Source URL: https://yro.slashdot.org/story/25/08/28/1643241/anthropic-will-start-training-its-ai-models-on-chat-transcripts?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Anthropic Will Start Training Its AI Models on Chat Transcripts Feedly Summary: AI Summary and Description: Yes Summary: Anthropic has announced a new policy regarding the use of user data for training its AI models, which now includes chat transcripts and coding sessions. Users must choose to opt out…
-
Cisco Talos Blog: Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities
Source URL: https://blog.talosintelligence.com/libbiosig-tenda-sail-pdf-xchange-foxit-vulnerabilities/ Source: Cisco Talos Blog Title: Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader.The vulnerabilities mentioned in this blog…
-
Embrace The Red: Cline: Vulnerable To Data Exfiltration And How To Protect Your Data
Source URL: https://embracethered.com/blog/posts/2025/cline-vulnerable-to-data-exfiltration/ Source: Embrace The Red Title: Cline: Vulnerable To Data Exfiltration And How To Protect Your Data Feedly Summary: Cline is quite a popular AI coding agent, according to the product website it has 2+ million downloads and over 47k stars on GitHub. Unfortunately, Cline is vulnerable to data exfiltration through the rendering…
-
Cloud Blog: Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift/ Source: Cloud Blog Title: Widespread Data Theft Targets Salesforce Instances via Salesloft Drift Feedly Summary: Written by: Austin Larsen, Matt Lin, Tyler McLellan, Omar ElAhdan Introduction Google Threat Intelligence Group (GTIG) is issuing an advisory to alert organizations about a widespread data theft campaign, carried out by the actor tracked as UNC6395.…
-
Embrace The Red: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection
Source URL: https://embracethered.com/blog/posts/2025/aws-kiro-aribtrary-command-execution-with-indirect-prompt-injection/ Source: Embrace The Red Title: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection Feedly Summary: On the day AWS Kiro was released, I couldn’t resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt…
-
Cloud Blog: Chat with your data from anywhere: Announcing Google’s Conversational Analytics API
Source URL: https://cloud.google.com/blog/products/data-analytics/understanding-lookers-conversational-analytics-api/ Source: Cloud Blog Title: Chat with your data from anywhere: Announcing Google’s Conversational Analytics API Feedly Summary: Decision-makers, employees, and customers all need answers where they work: in the applications they use every day. In recent years, the rise of AI-powered BI has transformed our relationship with data, enabling us to ask…
-
Simon Willison’s Weblog: DeepSeek 3.1
Source URL: https://simonwillison.net/2025/Aug/22/deepseek-31/#atom-everything Source: Simon Willison’s Weblog Title: DeepSeek 3.1 Feedly Summary: DeepSeek 3.1 The latest model from DeepSeek, a 685B monster (like DeepSeek v3 before it) but this time it’s a hybrid reasoning model. DeepSeek claim: DeepSeek-V3.1-Think achieves comparable answer quality to DeepSeek-R1-0528, while responding more quickly. Drew Breunig points out that their benchmarks…
-
Simon Willison’s Weblog: too many model context protocol servers and LLM allocations on the dance floor
Source URL: https://simonwillison.net/2025/Aug/22/too-many-mcps/#atom-everything Source: Simon Willison’s Weblog Title: too many model context protocol servers and LLM allocations on the dance floor Feedly Summary: too many model context protocol servers and LLM allocations on the dance floor Useful reminder from Geoffrey Huntley of the infrequently discussed significant token cost of using MCP. Geoffrey estimate estimates that…
-
Cloud Blog: 101+ gen AI use cases with technical blueprints
Source URL: https://cloud.google.com/blog/products/ai-machine-learning/real-world-gen-ai-use-cases-with-technical-blueprints/ Source: Cloud Blog Title: 101+ gen AI use cases with technical blueprints Feedly Summary: A little over a year ago, we published a list of generative AI use cases that has since grown to include more than 600 examples of how organizations are putting AI to work. Yet for many developers and…