exploits – Page 3 – Experimental News Clipping Site

The Register: Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets

Sep 11, 2025

—

by

Source URL: https://www.theregister.com/2025/09/11/vmscape_spectre_vulnerability/ Source: The Register Title: Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets Feedly Summary: AMD Zen hardware and Intel Coffee Lake affected If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and…

The Register: Senator blasts Microsoft for ‘dangerous, insecure software’ that helped pwn US hospitals

Sep 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/11/wyden_microsoft_insecure/ Source: The Register Title: Senator blasts Microsoft for ‘dangerous, insecure software’ that helped pwn US hospitals Feedly Summary: Ron Wyden urges FTC to probe failure to secure Windows after attackers used Kerberoasting to cripple Ascension Microsoft is back in the firing line after US Senator Ron Wyden accused Redmond of shipping “dangerous,…

Cisco Security Blog: SnortML: Cisco’s ML-Based Detection Engine Gets Powerful Upgrade

Sep 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blogs.cisco.com/security/snortml-cisco-ml-based-detection-engine-gets-powerful-upgrade Source: Cisco Security Blog Title: SnortML: Cisco’s ML-Based Detection Engine Gets Powerful Upgrade Feedly Summary: SnortML, Cisco’s innovative ML engine for Snort IPS, proactively detects evolving exploits like SQL Injection, Command Injection & XSS on-device for privacy. AI Summary and Description: Yes Summary: The text highlights the introduction of SnortML, a machine…

Slashdot: Boffins Build Automated Android Bug Hunting System

Sep 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/09/05/196218/boffins-build-automated-android-bug-hunting-system?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Boffins Build Automated Android Bug Hunting System Feedly Summary: AI Summary and Description: Yes Summary: The text discusses an innovative AI-powered bug-hunting agent called A2, developed by researchers from Nanjing University and the University of Sydney. This agent aims to enhance vulnerability discovery in Android apps, achieving significantly higher…

The Register: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/03/hexstrike_ai_citrix_exploits/ Source: The Register Title: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs Feedly Summary: LLMs and 0-days – what could possibly go wrong? Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check…

Unit 42: Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances

Sep 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/threat-brief-compromised-salesforce-instances/ Source: Unit 42 Title: Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances Feedly Summary: This Threat Brief discusses observations on a campaign leveraging Salesloft Drift integration to exfiltrate data via compromised OAuth credentials. The post Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances appeared first on Unit 42.…

Microsoft Security Blog: Storm-0501’s evolving techniques lead to cloud-based ransomware

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/ Source: Microsoft Security Blog Title: Storm-0501’s evolving techniques lead to cloud-based ransomware Feedly Summary: Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their primary objective has shifted…

Schneier on Security: We Are Still Unable to Secure LLMs from Malicious Inputs

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/08/we-are-still-unable-to-secure-llms-from-malicious-inputs.html Source: Schneier on Security Title: We Are Still Unable to Secure LLMs from Malicious Inputs Feedly Summary: Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own…

The Register: Citrix patches trio of NetScaler bugs – after attackers beat them to it

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/26/citrix_patches_trio_of_netscaler/ Source: The Register Title: Citrix patches trio of NetScaler bugs – after attackers beat them to it Feedly Summary: Criminals already abusing its latest zero-days Citrix has pushed out fixes for three fresh NetScaler holes – and yes, they’ve already been used in the wild before the vendor got around to patching.……

Embrace The Red: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/aws-kiro-aribtrary-command-execution-with-indirect-prompt-injection/ Source: Embrace The Red Title: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection Feedly Summary: On the day AWS Kiro was released, I couldn’t resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt…

Tag: exploits