Experimental News Clipping Site

Tag: exploit

  • Embrace The Red: How Prompt Injection Exposes Manus’ VS Code Server to the Internet

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/manus-ai-kill-chain-expose-port-vs-code-server-on-internet/ Source: Embrace The Red Title: How Prompt Injection Exposes Manus’ VS Code Server to the Internet Feedly Summary: Today we will cover a powerful, easy to use, autonomous agent called Manus. Manus is developed by the Chinese startup Monica, based in Singapore. This post demonstrates an end-to-end indirect prompt injection attack leading…

  • Slashdot: FBI Warns Russian Hackers Targeted ‘Thousands’ of Critical US Infrastructure IT Systems

    by

    Kurt Seifried
    in

    Source URL: https://news.slashdot.org/story/25/08/24/0638238/fbi-warns-russian-hackers-targeted-thousands-of-critical-us-infrastructure-it-systems?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: FBI Warns Russian Hackers Targeted ‘Thousands’ of Critical US Infrastructure IT Systems Feedly Summary: AI Summary and Description: Yes Summary: The text outlines a significant security threat posed by Russian state-sponsored hackers targeting U.S. critical infrastructure through vulnerabilities in Cisco devices. The report emphasizes the risks posed by unpatched…

  • Slashdot: Amid Service Disruption, Colt Confirms ‘Criminal Group’ Accessed Their Data, As Ransomware Gang Threatens to Sell It

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/08/23/0910226/amid-service-disruption-colt-confirms-criminal-group-accessed-their-data-as-ransomware-gang-threatens-to-sell-it?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Amid Service Disruption, Colt Confirms ‘Criminal Group’ Accessed Their Data, As Ransomware Gang Threatens to Sell It Feedly Summary: AI Summary and Description: Yes Summary: Colt Telecom has faced a significant cyber attack leading to prolonged service disruption and data theft. The incident highlights vulnerabilities in telecommunications infrastructure and…

  • Embrace The Red: Sneaking Invisible Instructions by Developers in Windsurf

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/windsurf-sneaking-invisible-instructions-for-prompt-injection/ Source: Embrace The Red Title: Sneaking Invisible Instructions by Developers in Windsurf Feedly Summary: Imagine a malicious instruction hidden in plain sight, invisible to you but not to the AI. This is a vulnerability discovered in Windsurf Cascade, it follows invisible instructions. This means there can be instructions in a file or…

  • Slashdot: Amid Service Disruption, Colt Telecom Confirms ‘Criminal Group’ Accessed Their Data, As Ransomware Gang Threatens to Sell It

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/08/23/0910226/amid-service-disruption-colt-telecom-confirms-criminal-group-accessed-their-data-as-ransomware-gang-threatens-to-sell-it?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Amid Service Disruption, Colt Telecom Confirms ‘Criminal Group’ Accessed Their Data, As Ransomware Gang Threatens to Sell It Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant cyber attack on Colt Telecom that has led to prolonged service disruptions and the theft of customer documentation.…

  • Embrace The Red: Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/windsurf-spaiware-exploit-persistent-prompt-injection/ Source: Embrace The Red Title: Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit) Feedly Summary: In this second post about Windsurf Cascade we are exploring the SpAIware attack, which allows memory persistent data exfiltration. SpAIware is an attack we first successfully demonstrated with ChatGPT last year and OpenAI mitigated. While inspecting the system prompt…

  • Slashdot: Microsoft Reportedly Cuts China’s Early Access to Bug Disclosures, PoC Exploit Code

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/08/22/2059255/microsoft-reportedly-cuts-chinas-early-access-to-bug-disclosures-poc-exploit-code Source: Slashdot Title: Microsoft Reportedly Cuts China’s Early Access to Bug Disclosures, PoC Exploit Code Feedly Summary: AI Summary and Description: Yes Summary: Microsoft has modified its Microsoft Active Protections Program (MAPP) to restrict access to proof-of-concept exploit code for companies in certain countries, including China, to combat the leak of sensitive…

  • The Register: Fake CAPTCHA tests trick users into running malware

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/22/clickfix_report/ Source: The Register Title: Fake CAPTCHA tests trick users into running malware Feedly Summary: ClickFix tricks Microsoft’s security team has published an in-depth report into ClickFix, the social engineering attack which tricks users into executing malicious commands in the guise of proving their humanity.… AI Summary and Description: Yes Summary: Microsoft’s security…

  • Slashdot: Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts

    by

    Kurt Seifried
    in

    Source URL: https://slashdot.org/story/25/08/22/1515238/coinbase-reverses-remote-first-policy-after-north-korean-infiltration-attempts?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts Feedly Summary: AI Summary and Description: Yes Summary: The text highlights the increasing security vulnerabilities associated with remote work policies, particularly in sensitive roles within cryptocurrency firms. It emphasizes the proactive measures taken by Coinbase to mitigate these risks, including…

  • The Register: Anthropic scanning Claude chats for queries about DIY nukes for some reason

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/21/anthropic_claude_nuclear_chat_detection/ Source: The Register Title: Anthropic scanning Claude chats for queries about DIY nukes for some reason Feedly Summary: Because savvy terrorists always use public internet services to plan their mischief, right? Anthropic says it has scanned an undisclosed portion of conversations with its Claude AI model to catch concerning inquiries about nuclear…