exploit – Page 4 – Experimental News Clipping Site

The Register: Boffins build automated Android bug hunting system

Sep 4, 2025

—

by

Source URL: https://www.theregister.com/2025/09/04/boffins_build_automated_android_bug_hunting/ Source: The Register Title: Boffins build automated Android bug hunting system Feedly Summary: AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to…

Cisco Talos Blog: From summer camp to grind season

Sep 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/from-summer-camp-to-grind-season/ Source: Cisco Talos Blog Title: From summer camp to grind season Feedly Summary: Bill takes thoughtful look at the transition from summer camp to grind season, explores the importance of mental health and reflects on AI psychiatry. AI Summary and Description: Yes Summary: This text discusses the ongoing evolution of threats related…

The Cloudflare Blog: Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1

Sep 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/ Source: The Cloudflare Blog Title: Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1 Feedly Summary: Unauthorized TLS certificates were issued for 1.1.1.1 by a Certification Authority without permission from Cloudflare. These rogue certificates have now been revoked. AI Summary and Description: Yes Summary: The text describes a serious incident involving…

The Register: US puts $10M bounty on three Russians accused of attacking critical infrastructure

Sep 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/04/us_10m_bounty_fsb_attackers/ Source: The Register Title: US puts $10M bounty on three Russians accused of attacking critical infrastructure Feedly Summary: Seven-year-old Cisco vuln that remains inexplicably unpatched is their way in The US State Department has put a $10 million bounty on the heads of three Russians accused of being intelligence agents hacking America’s…

The Register: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/03/hexstrike_ai_citrix_exploits/ Source: The Register Title: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs Feedly Summary: LLMs and 0-days – what could possibly go wrong? Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check…

Cloud Blog: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability/ Source: Cloud Blog Title: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) Feedly Summary: Written by: Rommel Joven, Josh Fleischer, Joseph Sciuto, Andi Slok, Choon Kiat Ng In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging sample machine keys that had been exposed in…

The Register: It looks like you’re ransoming data. Would you like some help?

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/03/ransomware_ai_abuse/ Source: The Register Title: It looks like you’re ransoming data. Would you like some help? Feedly Summary: AI-powered ransomware, extortion chatbots, vibe hacking … just wait until agents replace affiliates It’s no secret that AI tools make it easier for cybercriminals to steal sensitive data and then extort victim organizations. But two…

Schneier on Security: Indirect Prompt Injection Attacks Against LLM Assistants

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/09/indirect-prompt-injection-attacks-against-llm-assistants.html Source: Schneier on Security Title: Indirect Prompt Injection Attacks Against LLM Assistants Feedly Summary: Really good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks,…

Unit 42: Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/model-namespace-reuse/ Source: Unit 42 Title: Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust Feedly Summary: Model namespace reuse is a potential security risk in the AI supply chain. Attackers can misuse platforms like Hugging Face for remote code execution. The post Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model…

The Register: Internet mapping and research tool Censys reveals state-based abuse, harassment

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/03/censys_abuse_sigcomm_paper/ Source: The Register Title: Internet mapping and research tool Censys reveals state-based abuse, harassment Feedly Summary: ‘Universities are being used to proxy offensive government operations, turning research access decisions political’ Censys Inc, vendor of the popular Censys internet-mapping tool, has revealed that state-based actors are trying to abuse its services by hiding…

Tag: exploit