Tag: Configuration

Source URL: https://www.docker.com/blog/fedramp-compliance-with-hardened-images/ Source: Docker Title: Accelerating FedRAMP Compliance with Docker Hardened Images Feedly Summary: Federal Risk and Authorization Management Program (FedRAMP) compliance costs typically range from $450,000 to over $2 million and take 12 to 18 months to achieve, time your competitors are using to capture government contracts. While you’re spending months configuring FIPS…

The Register: Vibe coding tool Cursor’s MCP implementation allows persistent code execution

—

by

Source URL: https://www.theregister.com/2025/08/05/mcpoison_bug_abuses_cursor_mcp/ Source: The Register Title: Vibe coding tool Cursor’s MCP implementation allows persistent code execution Feedly Summary: More evidence that AI expands the attack surface Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a…

Docker: Everyone’s a Snowflake: Designing Hardened Image Processes for the Real World

—

by

Source URL: https://www.docker.com/blog/hardened-image-best-practices/ Source: Docker Title: Everyone’s a Snowflake: Designing Hardened Image Processes for the Real World Feedly Summary: Hardened container images and distroless software are the new hotness as startups and incumbents alike pile into the fast-growing market. In theory, hardened images provide not only a smaller attack surface but operational simplicity. In practice,…

AWS News Blog: Introducing Amazon Elastic VMware Service for running VMware Cloud Foundation on AWS

—

by

Source URL: https://aws.amazon.com/blogs/aws/introducing-amazon-elastic-vmware-service-for-running-vmware-cloud-foundation-on-aws/ Source: AWS News Blog Title: Introducing Amazon Elastic VMware Service for running VMware Cloud Foundation on AWS Feedly Summary: Amazon Elastic VMware Service (Amazon EVS) enables organizations to run VMware Cloud Foundation environments directly within Amazon VPCs, simplifying workload migration while maintaining familiar tools and providing access to the scalability, agility, and…

Embrace The Red: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed

—

by

Source URL: https://embracethered.com/blog/posts/2025/amp-agents-that-modify-system-configuration-and-escape/ Source: Embrace The Red Title: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed Feedly Summary: Sandbox-escape-style attacks can happen when an AI is able to modify its own configuration settings, such as by writing to configuration files. That was the case with Amp, an agentic coding tool built by Sourcegraph. The…

Simon Willison’s Weblog: ChatGPT agent’s user-agent

—

by

Source URL: https://simonwillison.net/2025/Aug/4/chatgpt-agents-user-agent/#atom-everything Source: Simon Willison’s Weblog Title: ChatGPT agent’s user-agent Feedly Summary: I was exploring how ChatGPT agent works today. I learned some interesting things about how it exposes its identity through HTTP headers, then made a huge blunder in thinking it was leaking its URLs to Bingbot and Yandex… but it turned out…

Embrace The Red: Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation

Aug 3, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/anthropic-filesystem-mcp-server-bypass/ Source: Embrace The Red Title: Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation Feedly Summary: A few months ago I was looking at the filesystem MCP server from Anthropic. The server allows to give an AI, like Claude Desktop, access to the local filesystem to read files or edit…

Embrace The Red: Turning ChatGPT Codex Into A ZombAI Agent

Aug 2, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/chatgpt-codex-remote-control-zombai/ Source: Embrace The Red Title: Turning ChatGPT Codex Into A ZombAI Agent Feedly Summary: Today we cover ChatGPT Codex as part of the Month of AI Bugs series. ChatGPT Codex is a cloud-based software engineering agent that answers codebase questions, executes code, and drafts pull requests. In particular, this post will demonstrate…

Cloud Blog: Introducing Google Cloud Setup: Your guided pathway to a secure cloud foundation

Aug 1, 2025

—

by