Tag: exploits
-
The Register: Hijacker helper VoidProxy boosts Google, Microsoft accounts on demand
Source URL: https://www.theregister.com/2025/09/11/voidproxy_phishing_service/ Source: The Register Title: Hijacker helper VoidProxy boosts Google, Microsoft accounts on demand Feedly Summary: Okta uncovers new phishing-as-a-service operation with ‘multiple entities’ falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations’ Microsoft and Google accounts have successfully stolen users’ credentials, multi-factor authentication codes, and session tokens…
-
The Register: Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets
Source URL: https://www.theregister.com/2025/09/11/vmscape_spectre_vulnerability/ Source: The Register Title: Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets Feedly Summary: AMD Zen hardware and Intel Coffee Lake affected If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and…
-
Slashdot: Boffins Build Automated Android Bug Hunting System
Source URL: https://it.slashdot.org/story/25/09/05/196218/boffins-build-automated-android-bug-hunting-system?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Boffins Build Automated Android Bug Hunting System Feedly Summary: AI Summary and Description: Yes Summary: The text discusses an innovative AI-powered bug-hunting agent called A2, developed by researchers from Nanjing University and the University of Sydney. This agent aims to enhance vulnerability discovery in Android apps, achieving significantly higher…
-
The Register: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs
Source URL: https://www.theregister.com/2025/09/03/hexstrike_ai_citrix_exploits/ Source: The Register Title: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs Feedly Summary: LLMs and 0-days – what could possibly go wrong? Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check…
-
Unit 42: Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances
Source URL: https://unit42.paloaltonetworks.com/threat-brief-compromised-salesforce-instances/ Source: Unit 42 Title: Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances Feedly Summary: This Threat Brief discusses observations on a campaign leveraging Salesloft Drift integration to exfiltrate data via compromised OAuth credentials. The post Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances appeared first on Unit 42.…
-
Schneier on Security: We Are Still Unable to Secure LLMs from Malicious Inputs
Source URL: https://www.schneier.com/blog/archives/2025/08/we-are-still-unable-to-secure-llms-from-malicious-inputs.html Source: Schneier on Security Title: We Are Still Unable to Secure LLMs from Malicious Inputs Feedly Summary: Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own…