Experimental News Clipping Site

Tag: Content Security Policy

  • Simon Willison’s Weblog: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Jun/11/echoleak/ Source: Simon Willison’s Weblog Title: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot Feedly Summary: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is…

  • Hacker News: Malicious extensions circumvent Google’s remote code ban

    by

    Kurt Seifried
    in

    Source URL: https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/ Source: Hacker News Title: Malicious extensions circumvent Google’s remote code ban Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses security vulnerabilities related to malicious browser extensions in the Chrome Web Store, focusing on how they can execute remote code and compromise user privacy. It critiques Google’s policies regarding…

  • Hacker News: Go-Safeweb

    by

    system automation
    in

    Source URL: https://github.com/google/go-safeweb Source: Hacker News Title: Go-Safeweb Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the development of a set of secure-by-default libraries for creating HTTP servers in Go. It emphasizes the need to eliminate common security vulnerabilities through careful API design, offering insights into how these libraries can help…

  • Bulletins: Vulnerability Summary for the Week of October 28, 2024

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb24-309 Source: Bulletins Title: Vulnerability Summary for the Week of October 28, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info acnoo — flutter_api  Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API:…

  • Embrace The Red: Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.

    by

    system automation
    in

    Source URL: https://embracethered.com/blog/posts/2024/google-ai-studio-data-exfiltration-now-fixed/ Source: Embrace The Red Title: Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed. Feedly Summary: Recently, I found what appeared to be a regression or bypass that again allowed data exfiltration via image rendering during prompt injection. See the previous post here. Data Exfiltration via Rendering HTML Image Tags During…