critical risk – Experimental News Clipping Site

The Register: HybridPetya: More proof that Secure Boot bypasses are not just an urban legend

Sep 12, 2025

—

by

Source URL: https://www.theregister.com/2025/09/12/hopefully_just_a_poc_hybridpetya/ Source: The Register Title: HybridPetya: More proof that Secure Boot bypasses are not just an urban legend Feedly Summary: Although it hasn’t been seen in the wild yet A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked…

The Register: Critical, make-me-super-user SAP S/4HANA bug under active exploitation

Sep 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/05/critical_sap_s4hana_bug_exploited/ Source: The Register Title: Critical, make-me-super-user SAP S/4HANA bug under active exploitation Feedly Summary: 9.9-rated flaw on the loose, so patch now A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.… AI Summary and Description: Yes…

Schneier on Security: Indirect Prompt Injection Attacks Against LLM Assistants

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/09/indirect-prompt-injection-attacks-against-llm-assistants.html Source: Schneier on Security Title: Indirect Prompt Injection Attacks Against LLM Assistants Feedly Summary: Really good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks,…

Cisco Talos Blog: Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/libbiosig-tenda-sail-pdf-xchange-foxit-vulnerabilities/ Source: Cisco Talos Blog Title: Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader.The vulnerabilities mentioned in this blog…

Slashdot: Microsoft Warns Excel’s New AI Function ‘Can Give Incorrect Responses’ in High-Stakes Scenarios

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/08/20/128217/microsoft-warns-excels-new-ai-function-can-give-incorrect-responses-in-high-stakes-scenarios?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Microsoft Warns Excel’s New AI Function ‘Can Give Incorrect Responses’ in High-Stakes Scenarios Feedly Summary: AI Summary and Description: Yes Summary: Microsoft is testing a new AI feature called COPILOT in Excel that leverages OpenAI’s gpt-4.1-mini model for automating spreadsheet tasks through natural language. While it presents innovative capabilities…

Simon Willison’s Weblog: Screaming in the Cloud: AI’s Security Crisis: Why Your Assistant Might Betray You

Aug 13, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/13/screaming-in-the-cloud/ Source: Simon Willison’s Weblog Title: Screaming in the Cloud: AI’s Security Crisis: Why Your Assistant Might Betray You Feedly Summary: Screaming in the Cloud: AI’s Security Crisis: Why Your Assistant Might Betray You I recorded this podcast conversation with Corey Quinn a few weeks ago: On this episode of Screaming in the…

The Register: Russia’s RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/11/russias_romcom_among_those_exploiting/ Source: The Register Title: Russia’s RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks Feedly Summary: A few weeks earlier ‘zeroplayer’ advertised an $80K WinRAR 0-day exploit Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.… AI Summary and Description:…

Cloud Blog: Boosting defenders with AI: What’s coming at Security Summit 2025

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/boosting-defenders-with-ai-whats-coming-at-security-summit-2025/ Source: Cloud Blog Title: Boosting defenders with AI: What’s coming at Security Summit 2025 Feedly Summary: While AI can help empower defenders, it can also create new security challenges. Those two critical, interconnected themes are driving our announcements and presentations for this year’s Google Cloud Security Summit.Join us live for Security Summit…

Krebs on Security: Who Got Arrested in the Raid on the XSS Crime Forum?

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://krebsonsecurity.com/2025/08/who-got-arrested-in-the-raid-on-the-xss-crime-forum/ Source: Krebs on Security Title: Who Got Arrested in the Raid on the XSS Crime Forum? Feedly Summary: On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than…

Schneier on Security: Microsoft SharePoint Zero-Day

Jul 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/07/microsoft-sharepoint-zero-day.html Source: Schneier on Security Title: Microsoft SharePoint Zero-Day Feedly Summary: Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet.…

Tag: critical risk