Tag: exploits
-
Microsoft Security Blog: Marbled Dust leverages zero-day in Output Messenger for regional espionage
Source URL: https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/ Source: Microsoft Security Blog Title: Marbled Dust leverages zero-day in Output Messenger for regional espionage Feedly Summary: Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output…
-
Cisco Security Blog: AI Agent for Color Red
Source URL: https://feedpress.me/link/23535/17025967/ai-agent-for-color-red Source: Cisco Security Blog Title: AI Agent for Color Red Feedly Summary: AI can automate the analysis, generation, testing, and reporting of exploits. It’s particularly relevant in penetration testing and ethical hacking scenarios. AI Summary and Description: Yes Summary: The text highlights the role of AI in automating various processes related to…
-
Embrace The Red: Model Context Protocol – New Sneaky Exploit, Risks and Mitigations
Source URL: https://embracethered.com/blog/posts/2025/model-context-protocol-security-risks-and-exploits/ Source: Embrace The Red Title: Model Context Protocol – New Sneaky Exploit, Risks and Mitigations Feedly Summary: The Model Context Protocol (MCP) is a protocol definition for how LLM apps/agents can leverage external tools. I have been calling it Model Control Protocol at times, because due to prompt injection, MCP tool servers…
-
The Register: Ex-NSA cyber-boss: AI will soon be a great exploit coder
Source URL: https://www.theregister.com/2025/04/30/exnsa_cyber_boss_ai_expoit_dev/ Source: The Register Title: Ex-NSA cyber-boss: AI will soon be a great exploit coder Feedly Summary: For now it’s a potential bug-finder and friend to defenders RSAC Former NSA cyber-boss Rob Joyce thinks today’s artificial intelligence is dangerously close to becoming a top-tier vulnerability exploit developer.… AI Summary and Description: Yes Summary:…
-
Slashdot: AI-Generated Code Creates Major Security Risk Through ‘Package Hallucinations’
Source URL: https://developers.slashdot.org/story/25/04/29/1837239/ai-generated-code-creates-major-security-risk-through-package-hallucinations?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: AI-Generated Code Creates Major Security Risk Through ‘Package Hallucinations’ Feedly Summary: AI Summary and Description: Yes Summary: The study highlights a critical vulnerability in AI-generated code, where a significant percentage of generated packages reference non-existent libraries, posing substantial risks for supply-chain attacks. This phenomenon is more prevalent in open…
-
Slashdot: Government Hackers Are Leading the Use of Attributed Zero-Days, Google Says
Source URL: https://tech.slashdot.org/story/25/04/29/1525220/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Government Hackers Are Leading the Use of Attributed Zero-Days, Google Says Feedly Summary: AI Summary and Description: Yes Summary: Government-sponsored hackers were responsible for a significant portion of zero-day exploits in cyberattacks, as revealed in Google’s recent research. Despite a decrease in overall zero-day exploits from 2023 to 2024,…