Tag: exploit

Source URL: https://www.theregister.com/2025/08/08/infosec_hounds_spot_prompt_injection/ Source: The Register Title: Infosec hounds spot prompt injection vuln in Google Gemini apps Feedly Summary: Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed Black hat A trio of researchers has disclosed a major prompt injection vulnerability in Google’s Gemini large…

The Register: German security researchers say ‘Windows Hell No’ to Microsoft biometrics for biz

—

by

Source URL: https://www.theregister.com/2025/08/07/windows_hello_hell_no/ Source: The Register Title: German security researchers say ‘Windows Hell No’ to Microsoft biometrics for biz Feedly Summary: Hello loophole could let a rogue admin, or a pwned one, inject new facial scans Black Hat Microsoft is pushing hard for Windows users to shift from using passwords to its Hello biometrics system,…

Wired: Encryption Made for Police and Military Radios May Be Easily Cracked

—

by

Source URL: https://www.wired.com/story/encryption-made-for-police-and-military-radios-may-be-easily-cracked-researchers-find/ Source: Wired Title: Encryption Made for Police and Military Radios May Be Easily Cracked Feedly Summary: Researchers found that an encryption algorithm likely used by law enforcement and special forces can have weaknesses that could allow an attacker to listen in. AI Summary and Description: Yes Summary: The text highlights a critical…

Docker: MCP Horror Stories: The Supply Chain Attack

—

by

Source URL: https://www.docker.com/blog/mcp-horror-stories-the-supply-chain-attack/ Source: Docker Title: MCP Horror Stories: The Supply Chain Attack Feedly Summary: This is Part 2 of our MCP Horror Stories series, an in-depth look at real-world security incidents exposing the vulnerabilities in AI infrastructure, and how the Docker MCP Toolkit delivers enterprise-grade protection. The Model Context Protocol (MCP) promised to be…

The Register: Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’

—

by

Source URL: https://www.theregister.com/2025/08/07/microsoft_cisa_warn_yet_another/ Source: The Register Title: Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’ Feedly Summary: No reported in-the-wild exploits…yet Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange…

Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

—

by

Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…

Cloud Blog: Secure your storage: Best practices to prevent dangling bucket takeovers

—

by

Source URL: https://cloud.google.com/blog/products/identity-security/best-practices-to-prevent-dangling-bucket-takeovers/ Source: Cloud Blog Title: Secure your storage: Best practices to prevent dangling bucket takeovers Feedly Summary: Storage buckets are where your data lives in the cloud. Much like digital real estate, these buckets are your own plot of land on the internet. When you move away and no longer need a specific…

The Register: CISA releases malware analysis for Sharepoint Server attack

—

by

Source URL: https://www.theregister.com/2025/08/07/cisa_releases_malware_analysis/ Source: The Register Title: CISA releases malware analysis for Sharepoint Server attack Feedly Summary: Indications of compromise and Sigma rules report for your security scanners amid ongoing ‘ToolShell’ blitz CISA has published a malware analysis report with compromise indicators and Sigma rules for “ToolShell" attacks targeting specific Microsoft SharePoint Server versions.… AI…

The Register: Meta training AI on social media posts? Only 7% in Europe think it’s OK

—

by