Tag: development tools
-
Embrace The Red: How Prompt Injection Exposes Manus’ VS Code Server to the Internet
Source URL: https://embracethered.com/blog/posts/2025/manus-ai-kill-chain-expose-port-vs-code-server-on-internet/ Source: Embrace The Red Title: How Prompt Injection Exposes Manus’ VS Code Server to the Internet Feedly Summary: Today we will cover a powerful, easy to use, autonomous agent called Manus. Manus is developed by the Chinese startup Monica, based in Singapore. This post demonstrates an end-to-end indirect prompt injection attack leading…
-
Embrace The Red: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
Source URL: https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/ Source: Embrace The Red Title: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) Feedly Summary: This post is about an important, but also scary, prompt injection discovery that leads to full system compromise of the developer’s machine in GitHub Copilot and VS Code. It is achieved by placing Copilot into YOLO…
-
Embrace The Red: Claude Code: Data Exfiltration with DNS Requests
Source URL: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/ Source: Embrace The Red Title: Claude Code: Data Exfiltration with DNS Requests Feedly Summary: Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g.…
-
Embrace The Red: Turning ChatGPT Codex Into A ZombAI Agent
Source URL: https://embracethered.com/blog/posts/2025/chatgpt-codex-remote-control-zombai/ Source: Embrace The Red Title: Turning ChatGPT Codex Into A ZombAI Agent Feedly Summary: Today we cover ChatGPT Codex as part of the Month of AI Bugs series. ChatGPT Codex is a cloud-based software engineering agent that answers codebase questions, executes code, and drafts pull requests. In particular, this post will demonstrate…
-
Slashdot: Linux Kernel Could Soon Expose Every Line AI Helps Write
Source URL: https://linux.slashdot.org/story/25/07/25/1950226/linux-kernel-could-soon-expose-every-line-ai-helps-write?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Linux Kernel Could Soon Expose Every Line AI Helps Write Feedly Summary: AI Summary and Description: Yes Summary: Brian Fagioli reports on Sasha Levin’s proposed patch series for integrating AI coding assistants into the Linux kernel, which introduces key guidelines for managing AI-generated contributions. This effort highlights the growing…
-
AWS News Blog: AWS Weekly Roundup: Kiro, AWS Lambda remote debugging, Amazon ECS blue/green deployments, Amazon Bedrock AgentCore, and more (July 21, 2025)
Source URL: https://aws.amazon.com/blogs/aws/aws-weekly-roundup-kiro-aws-lambda-remote-debugging-amazon-ecs-blue-green-deployments-amazon-bedrock-agentcore-and-more-july-21-2025/ Source: AWS News Blog Title: AWS Weekly Roundup: Kiro, AWS Lambda remote debugging, Amazon ECS blue/green deployments, Amazon Bedrock AgentCore, and more (July 21, 2025) Feedly Summary: I’m writing this as I depart from Ho Chi Minh City back to Singapore. Just realized what a week it’s been, so let me rewind…
-
Slashdot: Cognition AI Buys Windsurf as AI Frenzy Escalates
Source URL: https://slashdot.org/story/25/07/14/1820248/cognition-ai-buys-windsurf-as-ai-frenzy-escalates?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Cognition AI Buys Windsurf as AI Frenzy Escalates Feedly Summary: AI Summary and Description: Yes Summary: The acquisition of Windsurf by Cognition AI highlights the competitive landscape in AI software development, particularly in coding assistance technologies. This shift signifies a larger trend towards automating software creation and enhancing productivity…