exploits – Page 4 – Experimental News Clipping Site

Cisco Talos Blog: ReVault! When your SoC turns against you… deep dive edition

Aug 9, 2025

—

by

Source URL: https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you-2/ Source: Cisco Talos Blog Title: ReVault! When your SoC turns against you… deep dive edition Feedly Summary: Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. AI Summary and Description: Yes **Summary:** The text conducts an in-depth analysis…

The Register: Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/07/microsoft_cisa_warn_yet_another/ Source: The Register Title: Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’ Feedly Summary: No reported in-the-wild exploits…yet Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange…

Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…

Wired: Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.wired.com/story/google-gemini-calendar-invite-hijack-smart-home/ Source: Wired Title: Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home Feedly Summary: For likely the first time ever, security researchers have shown how AI can be hacked to create real world havoc, allowing them to turn off lights, open smart shutters, and more.…

Embrace The Red: I Spent $500 To Test Devin For Prompt Injection So That You Don’t Have To

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/devin-i-spent-usd500-to-hack-devin/ Source: Embrace The Red Title: I Spent $500 To Test Devin For Prompt Injection So That You Don’t Have To Feedly Summary: Today we cover Devin from Cognition, the first AI Software Engineer. We will cover Devin proof-of-concept exploits in multiple posts over the next few days. In this first post, we…

Simon Willison’s Weblog: Quoting @himbodhisattva

Aug 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/4/himbodhisattva/#atom-everything Source: Simon Willison’s Weblog Title: Quoting @himbodhisattva Feedly Summary: for services that wrap GPT-3, is it possible to do the equivalent of sql injection? like, a prompt-injection attack? make it think it’s completed the task and then get access to the generation, and ask it to repeat the original instruction? — @himbodhisattva,…

Embrace The Red: Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)

Aug 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/cursor-data-exfiltration-with-mermaid/ Source: Embrace The Red Title: Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132) Feedly Summary: Cursor is a popular AI code editor. In this post I want to share how I found an interesting data exfiltration issue, the demo exploits built and how it got fixed. When using Cursor I noticed that…

Microsoft Security Blog: Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Jul 31, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/ Source: Microsoft Security Blog Title: Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats Feedly Summary: Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to…

Cloud Blog: Top 25 blogs of 2025… so far

Jul 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/gcp/most-read-blogs-from-h1-2025/ Source: Cloud Blog Title: Top 25 blogs of 2025… so far Feedly Summary: Six months into 2025, we’ve already published hundreds of posts here on the Google Cloud blog. We asked ourselves, why wait until the busy end of the year to review your favorites? With everything from new AI models, product…

Unit 42: 2025 Unit 42 Global Incident Response Report: Social Engineering Edition

Jul 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/ Source: Unit 42 Title: 2025 Unit 42 Global Incident Response Report: Social Engineering Edition Feedly Summary: Social engineering thrives on trust and is now boosted by AI. Unit 42 incident response data explains why it’s surging. We detail eight critical countermeasures. The post 2025 Unit 42 Global Incident Response Report: Social Engineering…

Tag: exploits