flaws – Page 5 – Experimental News Clipping Site

The Register: Thousands of Citrix NetScaler boxes still sitting ducks despite patches

Aug 28, 2025

—

by

Source URL: https://www.theregister.com/2025/08/28/thousands_of_citrix_netscaler_boxes/ Source: The Register Title: Thousands of Citrix NetScaler boxes still sitting ducks despite patches Feedly Summary: Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week,…

Schneier on Security: We Are Still Unable to Secure LLMs from Malicious Inputs

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/08/we-are-still-unable-to-secure-llms-from-malicious-inputs.html Source: Schneier on Security Title: We Are Still Unable to Secure LLMs from Malicious Inputs Feedly Summary: Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own…

Schneier on Security: Encryption Backdoor in Military/Police Radios

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/08/encryption-backdoor-in-military-police-radios.html Source: Schneier on Security Title: Encryption Backdoor in Military/Police Radios Feedly Summary: I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The…

Embrace The Red: How Prompt Injection Exposes Manus’ VS Code Server to the Internet

Aug 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/manus-ai-kill-chain-expose-port-vs-code-server-on-internet/ Source: Embrace The Red Title: How Prompt Injection Exposes Manus’ VS Code Server to the Internet Feedly Summary: Today we will cover a powerful, easy to use, autonomous agent called Manus. Manus is developed by the Chinese startup Monica, based in Singapore. This post demonstrates an end-to-end indirect prompt injection attack leading…

Simon Willison’s Weblog: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet

Aug 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/25/agentic-browser-security/#atom-everything Source: Simon Willison’s Weblog Title: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet Feedly Summary: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet The security team from Brave took a look at Comet, the LLM-powered “agentic browser" extension from Perplexity, and unsurprisingly found security holes you can drive a truck…

Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…

The Register: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/amazon_quietly_fixed_q_developer_flaws/ Source: The Register Title: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Feedly Summary: Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to…

The Register: Intel ghosts researcher who found web apps spilled 270K staff records

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/intel_website_flaws/ Source: The Register Title: Intel ghosts researcher who found web apps spilled 270K staff records Feedly Summary: Chipzilla quietly fixed the problems without responding to the person who found them Security boffin Eaton Zveare has highlighted some serious holes in the online infrastructure of chip giant Intel – walking through services with…

Slashdot: Male-Oriented App ‘TeaOnHer’ Also Had Security Flaws That Could Leak Men’s Driver’s License Photos

Aug 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/08/18/0550252/male-oriented-app-teaonher-also-had-security-flaws-that-could-leak-mens-drivers-license-photos?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Male-Oriented App ‘TeaOnHer’ Also Had Security Flaws That Could Leak Men’s Driver’s License Photos Feedly Summary: AI Summary and Description: Yes Summary: The text discusses data breaches and security flaws in two dating-advice apps, focusing on the implications of such incidents for user privacy and corporate liability. These issues…

Slashdot: Security Flaws In Carmaker’s Web Portal Let a Hacker Remotely Unlock Cars

Aug 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/08/17/0221251/security-flaws-in-carmakers-web-portal-let-a-hacker-remotely-unlock-cars?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Security Flaws In Carmaker’s Web Portal Let a Hacker Remotely Unlock Cars Feedly Summary: AI Summary and Description: Yes Summary: A security researcher discovered vulnerabilities in a car dealership portal that could expose personal information and allow remote access to cars. The issues highlight the critical importance of secure…

Tag: flaws