Experimental News Clipping Site

Tag: exploit

  • Slashdot: Amid Service Disruption, Colt Telecom Confirms ‘Criminal Group’ Accessed Their Data, As Ransomware Gang Threatens to Sell It

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/08/23/0910226/amid-service-disruption-colt-telecom-confirms-criminal-group-accessed-their-data-as-ransomware-gang-threatens-to-sell-it?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Amid Service Disruption, Colt Telecom Confirms ‘Criminal Group’ Accessed Their Data, As Ransomware Gang Threatens to Sell It Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant cyber attack on Colt Telecom that has led to prolonged service disruptions and the theft of customer documentation.…

  • Embrace The Red: Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/windsurf-spaiware-exploit-persistent-prompt-injection/ Source: Embrace The Red Title: Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit) Feedly Summary: In this second post about Windsurf Cascade we are exploring the SpAIware attack, which allows memory persistent data exfiltration. SpAIware is an attack we first successfully demonstrated with ChatGPT last year and OpenAI mitigated. While inspecting the system prompt…

  • Slashdot: Microsoft Reportedly Cuts China’s Early Access to Bug Disclosures, PoC Exploit Code

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/08/22/2059255/microsoft-reportedly-cuts-chinas-early-access-to-bug-disclosures-poc-exploit-code Source: Slashdot Title: Microsoft Reportedly Cuts China’s Early Access to Bug Disclosures, PoC Exploit Code Feedly Summary: AI Summary and Description: Yes Summary: Microsoft has modified its Microsoft Active Protections Program (MAPP) to restrict access to proof-of-concept exploit code for companies in certain countries, including China, to combat the leak of sensitive…

  • The Register: Fake CAPTCHA tests trick users into running malware

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/22/clickfix_report/ Source: The Register Title: Fake CAPTCHA tests trick users into running malware Feedly Summary: ClickFix tricks Microsoft’s security team has published an in-depth report into ClickFix, the social engineering attack which tricks users into executing malicious commands in the guise of proving their humanity.… AI Summary and Description: Yes Summary: Microsoft’s security…

  • Slashdot: Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts

    by

    Kurt Seifried
    in

    Source URL: https://slashdot.org/story/25/08/22/1515238/coinbase-reverses-remote-first-policy-after-north-korean-infiltration-attempts?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts Feedly Summary: AI Summary and Description: Yes Summary: The text highlights the increasing security vulnerabilities associated with remote work policies, particularly in sensitive roles within cryptocurrency firms. It emphasizes the proactive measures taken by Coinbase to mitigate these risks, including…

  • The Register: Anthropic scanning Claude chats for queries about DIY nukes for some reason

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/21/anthropic_claude_nuclear_chat_detection/ Source: The Register Title: Anthropic scanning Claude chats for queries about DIY nukes for some reason Feedly Summary: Because savvy terrorists always use public internet services to plan their mischief, right? Anthropic says it has scanned an undisclosed portion of conversations with its Claude AI model to catch concerning inquiries about nuclear…

  • The Register: Microsoft reportedly cuts China’s early access to bug disclosures, PoC exploit code

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/21/microsoft_cuts_chinas_early_access/ Source: The Register Title: Microsoft reportedly cuts China’s early access to bug disclosures, PoC exploit code Feedly Summary: Better late than never after SharePoint assault? Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month’s SharePoint zero-day attacks, which appear to be related to a leak…

  • The Register: Honey, I shrunk the image and now I’m pwned

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/21/google_gemini_image_scaling_attack/ Source: The Register Title: Honey, I shrunk the image and now I’m pwned Feedly Summary: Google’s Gemini-powered tools tripped up by image-scaling prompt injection Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge…

  • Microsoft Security Blog: Think before you Click(Fix): Analyzing the ClickFix social engineering technique

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/ Source: Microsoft Security Blog Title: Think before you Click(Fix): Analyzing the ClickFix social engineering technique Feedly Summary: The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious…

  • The Register: Apple rushes out fix for active zero-day in iOS and macOS

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/21/apple_imageio_exploit/ Source: The Register Title: Apple rushes out fix for active zero-day in iOS and macOS Feedly Summary: Another ‘extremely sophisticated’ exploit chewing at Cupertino’s walled garden Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.……