disclosure – Page 17 – Experimental News Clipping Site

Bulletins: Vulnerability Summary for the Week of February 17, 2025

Feb 24, 2025

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-055 Source: Bulletins Title: Vulnerability Summary for the Week of February 17, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info a1post–A1POST.BG Shipping for Woo Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a…

Hacker News: Python’s official documentation contains textbook example of insecure code (XSS)

Feb 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://seclists.org/fulldisclosure/2025/Feb/15 Source: Hacker News Title: Python’s official documentation contains textbook example of insecure code (XSS) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text highlights a critical security issue within Python’s documentation related to Cross-Site Scripting (XSS) vulnerabilities stemming from examples in the CGI module. This poses significant risks for web…

Unit 42: Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit

Feb 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/nvidia-cuda-toolkit-vulnerabilities/ Source: Unit 42 Title: Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit Feedly Summary: Unit 42 researchers detail nine vulnerabilities discovered in NVIDIA’s CUDA-based toolkit. The affected utilities help analyze cubin (binary) files. The post Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit appeared first on Unit 42. AI Summary and Description: Yes **Summary:**…

The Register: SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN

Feb 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/02/14/sonicwall_firewalls_under_attack_patch/ Source: The Register Title: SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN Feedly Summary: Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of…

Cisco Talos Blog: ClearML and Nvidia vulns

Feb 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/clearml-and-nvidia-vulns/ Source: Cisco Talos Blog Title: ClearML and Nvidia vulns Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort…

The Register: Critical PostgreSQL bug tied to zero-day attack on US Treasury

Feb 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/02/14/postgresql_bug_treasury/ Source: The Register Title: Critical PostgreSQL bug tied to zero-day attack on US Treasury Feedly Summary: High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.……

CSA: How Repsol’s DLP Strategy Enables an Embrace of GenAI

Feb 13, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.zscaler.com/cxorevolutionaries/insights/how-repsols-dlp-strategy-enables-fearless-embrace-genai Source: CSA Title: How Repsol’s DLP Strategy Enables an Embrace of GenAI Feedly Summary: AI Summary and Description: Yes Summary: The text outlines how Repsol, a global energy provider, is leveraging generative AI (GenAI) to enhance productivity while adhering to rigorous data loss prevention (DLP) protocols to mitigate associated risks. This highlights…

Hacker News: Chrome browser bringing an IP address privacy tool to Incognito

Feb 13, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://github.com/GoogleChrome/ip-protection Source: Hacker News Title: Chrome browser bringing an IP address privacy tool to Incognito Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a new IP Protection feature introduced in Chrome’s Incognito mode aimed at enhancing user privacy by limiting the disclosure of original IP addresses in certain third-party…

Embrace The Red: Hacking Gemini’s Memory with Prompt Injection and Delayed Tool Invocation

Feb 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/ Source: Embrace The Red Title: Hacking Gemini’s Memory with Prompt Injection and Delayed Tool Invocation Feedly Summary: Imagine your AI rewriting your personal history… A while ago Google added memories to Gemini. Memories allow Gemini to store user-related data across sessions, storing information in long-term memory. The feature is only available to…

Bulletins: Vulnerability Summary for the Week of February 3, 2025

Feb 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-041 Source: Bulletins Title: Vulnerability Summary for the Week of February 3, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info .TUBE gTLD–.TUBE Video Curator Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects…

Tag: disclosure