Experimental News Clipping Site

Tag: exploit

  • Simon Willison’s Weblog: Two more Chinese pelicans

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Oct/1/two-pelicans/#atom-everything Source: Simon Willison’s Weblog Title: Two more Chinese pelicans Feedly Summary: Two new models from Chinese AI labs in the past few days. I tried them both out using llm-openrouter: DeepSeek-V3.2-Exp from DeepSeek. Announcement, Tech Report, Hugging Face (690GB, MIT license). As an intermediate step toward our next-generation architecture, V3.2-Exp builds upon…

  • The Register: ‘Delightful’ root-access bug in Red Hat OpenShift AI allows full cluster takeover

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/10/01/critical_red_hat_openshift_ai_bug/ Source: The Register Title: ‘Delightful’ root-access bug in Red Hat OpenShift AI allows full cluster takeover Feedly Summary: Who wouldn’t want root access on cluster master nodes? A 9.9 out of 10 severity bug in Red Hat’s OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt…

  • Cisco Talos Blog: Nvidia and Adobe vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/nvidia-and-adobe-vulnerabilities/ Source: Cisco Talos Blog Title: Nvidia and Adobe vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat.The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.    For Snort…

  • Schneier on Security: Use of Generative AI in Scams

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/10/use-of-generative-ai-in-scams.html Source: Schneier on Security Title: Use of Generative AI in Scams Feedly Summary: New report: “Scam GPT: GenAI and the Automation of Fraud.” This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people…

  • The Register: Socket will block it with free malicious package firewall

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/30/socket_will_block_it_with/ Source: The Register Title: Socket will block it with free malicious package firewall Feedly Summary: “sfw" stands for Socket Firewall, but perhaps also "safe for work." Software security biz Socket has released a free command line tool to defend developers against supply chain attacks.… AI Summary and Description: Yes Summary: The text…

  • The Register: Warnings about Cisco vulns under active exploit are falling on deaf ears

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/30/cisco_firewall_vulns/ Source: The Register Title: Warnings about Cisco vulns under active exploit are falling on deaf ears Feedly Summary: 50,000 firewall devices still exposed Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by “advanced" attackers remain exposed to the internet, according to Shadowserver data.… AI Summary and…

  • Cisco Security Blog: Rethinking AI Security: The Dynamic Context Firewall for MCP

    by

    Kurt Seifried
    in

    Source URL: https://feedpress.me/link/23535/17174405/rethinking-ai-security-dynamic-context-firewall-for-mcp Source: Cisco Security Blog Title: Rethinking AI Security: The Dynamic Context Firewall for MCP Feedly Summary: A Dynamic Context Firewall (DCF) for Model Context Protocol (MCP) is a proposed, context-aware security layer that protects AI agent interactions. AI Summary and Description: Yes Summary: The text introduces a Dynamic Context Firewall (DCF) specifically…

  • The Register: One line of malicious npm code led to massive Postmark email heist

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/ Source: The Register Title: One line of malicious npm code led to massive Postmark email heist Feedly Summary: MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark’s MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding…

  • Cloud Blog: Announcing Claude Sonnet 4.5 on Vertex AI

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/products/ai-machine-learning/announcing-claude-sonnet-4-5-on-vertex-ai/ Source: Cloud Blog Title: Announcing Claude Sonnet 4.5 on Vertex AI Feedly Summary: Today, we’re announcing the general availability of Claude Sonnet 4.5, Anthropic’s most intelligent model and its best-performing model for complex agents, coding, and computer use, on Vertex AI.Claude Sonnet 4.5 is built to work independently for hours, maintaining clarity…