exploit – Page 10 – Experimental News Clipping Site

The Register: Microsoft reportedly cuts China’s early access to bug disclosures, PoC exploit code

Aug 21, 2025

—

by

Source URL: https://www.theregister.com/2025/08/21/microsoft_cuts_chinas_early_access/ Source: The Register Title: Microsoft reportedly cuts China’s early access to bug disclosures, PoC exploit code Feedly Summary: Better late than never after SharePoint assault? Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month’s SharePoint zero-day attacks, which appear to be related to a leak…

The Register: Honey, I shrunk the image and now I’m pwned

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/21/google_gemini_image_scaling_attack/ Source: The Register Title: Honey, I shrunk the image and now I’m pwned Feedly Summary: Google’s Gemini-powered tools tripped up by image-scaling prompt injection Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge…

Microsoft Security Blog: Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/ Source: Microsoft Security Blog Title: Think before you Click(Fix): Analyzing the ClickFix social engineering technique Feedly Summary: The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious…

The Register: Apple rushes out fix for active zero-day in iOS and macOS

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/21/apple_imageio_exploit/ Source: The Register Title: Apple rushes out fix for active zero-day in iOS and macOS Feedly Summary: Another ‘extremely sophisticated’ exploit chewing at Cupertino’s walled garden Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.……

Unit 42: Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/attackers-sell-your-bandwidth-using-sdks/ Source: Unit 42 Title: Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth Feedly Summary: A campaign leverages CVE-2024-36401 to stealthily monetize victims’ bandwidth where legitimate software development kits (SDKs) are deployed for passive income. The post Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth…

Microsoft Security Blog: Dissecting PipeMagic: Inside the architecture of a modular backdoor framework

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/18/dissecting-pipemagic-inside-the-architecture-of-a-modular-backdoor-framework/ Source: Microsoft Security Blog Title: Dissecting PipeMagic: Inside the architecture of a modular backdoor framework Feedly Summary: A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. Beneath its disguise, PipeMagic is a sophisticated malware framework designed for flexibility and…

Unit 42: Logit-Gap Steering: A New Frontier in Understanding and Probing LLM Safety

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/logit-gap-steering-impact/ Source: Unit 42 Title: Logit-Gap Steering: A New Frontier in Understanding and Probing LLM Safety Feedly Summary: New research from Unit 42 on logit-gap steering reveals how internal alignment measures can be bypassed, making external AI security vital. The post Logit-Gap Steering: A New Frontier in Understanding and Probing LLM Safety appeared…

The Register: Perplexity’s Comet browser naively processed pages with evil instructions

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/perplexity_comet_browser_prompt_injection/ Source: The Register Title: Perplexity’s Comet browser naively processed pages with evil instructions Feedly Summary: Rival Brave flags prompt injection vulnerability, now patched To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea.… AI Summary and Description: Yes Summary: The text discusses a recently…

The Register: FBI: Russian spies exploiting a 7-year-old Cisco bug to slurp configs from critical infrastructure

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/russian_fsb_cyberspies_exploiting_cisco_bug/ Source: The Register Title: FBI: Russian spies exploiting a 7-year-old Cisco bug to slurp configs from critical infrastructure Feedly Summary: Snarfing up config files for ‘thousands’ of devices…just for giggles, we’re sure The FBI and security researchers today warned that Russian government spies exploited a seven-year-old bug in end-of-life Cisco networking devices…

The Register: Commvault releases patches for two nasty bug chains after exploits proven

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/commvault_bug_chains_patched/ Source: The Register Title: Commvault releases patches for two nasty bug chains after exploits proven Feedly Summary: Researchers disclosing their findings said ‘it’s as bad as it sounds’ Researchers at watchTowr just published working proof-of-concept exploits for two unauthenticated remote code execution bug chains in backup giant Commvault.… AI Summary and Description:…

Tag: exploit