exploits – Page 6 – Experimental News Clipping Site

Wired: Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home

Aug 6, 2025

—

by

Source URL: https://www.wired.com/story/google-gemini-calendar-invite-hijack-smart-home/ Source: Wired Title: Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home Feedly Summary: For likely the first time ever, security researchers have shown how AI can be hacked to create real world havoc, allowing them to turn off lights, open smart shutters, and more.…

Embrace The Red: I Spent $500 To Test Devin For Prompt Injection So That You Don’t Have To

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/devin-i-spent-usd500-to-hack-devin/ Source: Embrace The Red Title: I Spent $500 To Test Devin For Prompt Injection So That You Don’t Have To Feedly Summary: Today we cover Devin from Cognition, the first AI Software Engineer. We will cover Devin proof-of-concept exploits in multiple posts over the next few days. In this first post, we…

Simon Willison’s Weblog: Quoting @himbodhisattva

Aug 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/4/himbodhisattva/#atom-everything Source: Simon Willison’s Weblog Title: Quoting @himbodhisattva Feedly Summary: for services that wrap GPT-3, is it possible to do the equivalent of sql injection? like, a prompt-injection attack? make it think it’s completed the task and then get access to the generation, and ask it to repeat the original instruction? — @himbodhisattva,…

Embrace The Red: Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)

Aug 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/cursor-data-exfiltration-with-mermaid/ Source: Embrace The Red Title: Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132) Feedly Summary: Cursor is a popular AI code editor. In this post I want to share how I found an interesting data exfiltration issue, the demo exploits built and how it got fixed. When using Cursor I noticed that…

Microsoft Security Blog: Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Jul 31, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/ Source: Microsoft Security Blog Title: Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats Feedly Summary: Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to…

Cloud Blog: Top 25 blogs of 2025… so far

Jul 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/gcp/most-read-blogs-from-h1-2025/ Source: Cloud Blog Title: Top 25 blogs of 2025… so far Feedly Summary: Six months into 2025, we’ve already published hundreds of posts here on the Google Cloud blog. We asked ourselves, why wait until the busy end of the year to review your favorites? With everything from new AI models, product…

Unit 42: 2025 Unit 42 Global Incident Response Report: Social Engineering Edition

Jul 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/ Source: Unit 42 Title: 2025 Unit 42 Global Incident Response Report: Social Engineering Edition Feedly Summary: Social engineering thrives on trust and is now boosted by AI. Unit 42 incident response data explains why it’s surging. We detail eight critical countermeasures. The post 2025 Unit 42 Global Incident Response Report: Social Engineering…

Embrace The Red: The Month of AI Bugs 2025

Jul 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/announcement-the-month-of-ai-bugs/ Source: Embrace The Red Title: The Month of AI Bugs 2025 Feedly Summary: This year I spent a lot of time reviewing, exploiting and working with vendors to fix vulnerabilities in agentic AI systems. As a result, I’m excited to announce the Month of AI Bugs 2025! Goal Of The Initiative The…

Slashdot: Did a Vendor’s Leak Help Attackers Exploit Microsoft’s SharePoint Servers?

Jul 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/07/27/0337218/did-a-vendors-leak-help-attackers-exploit-microsofts-sharepoint-servers?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Did a Vendor’s Leak Help Attackers Exploit Microsoft’s SharePoint Servers? Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a serious security concern regarding zero-day exploits targeting Microsoft’s SharePoint servers, emphasizing potential leaks of vulnerability information and the impact of generative AI tools like Google Gemini in…

The Register: No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers

Jul 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/07/24/no_login_no_problem_cisco_flaw/ Source: The Register Title: No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers Feedly Summary: Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it Threat actors have actively exploited a newly patched vulnerability in Cisco’s Identity Services…

Tag: exploits