hijacking – Experimental News Clipping Site

The Register: HybridPetya: More proof that Secure Boot bypasses are not just an urban legend

Sep 12, 2025

—

by

Source URL: https://www.theregister.com/2025/09/12/hopefully_just_a_poc_hybridpetya/ Source: The Register Title: HybridPetya: More proof that Secure Boot bypasses are not just an urban legend Feedly Summary: Although it hasn’t been seen in the wild yet A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked…

Bulletins: Vulnerability Summary for the Week of August 25, 2025

Sep 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-245 Source: Bulletins Title: Vulnerability Summary for the Week of August 25, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000projects–Online Project Report Submission and Evaluation System A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown…

Embrace The Red: Wrap Up: The Month of AI Bugs

Aug 31, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/wrapping-up-month-of-ai-bugs/ Source: Embrace The Red Title: Wrap Up: The Month of AI Bugs Feedly Summary: That’s it. The Month of AI Bugs is done. There won’t be a post tomorrow, because I will be at PAX West. Overview of Posts ChatGPT: Exfiltrating Your Chat History and Memories With Prompt Injection | Video ChatGPT…

Slashdot: Perplexity’s AI Browser Comet Vulnerable To Prompt Injection Attacks That Hijack User Accounts

Aug 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/08/25/1654220/perplexitys-ai-browser-comet-vulnerable-to-prompt-injection-attacks-that-hijack-user-accounts?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Perplexity’s AI Browser Comet Vulnerable To Prompt Injection Attacks That Hijack User Accounts Feedly Summary: AI Summary and Description: Yes Summary: The text highlights significant vulnerabilities in Perplexity’s Comet browser linked to its AI summarization functionalities. These vulnerabilities allow attackers to hijack user accounts and execute malicious commands, posing…

Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…

Cloud Blog: Secure your storage: Best practices to prevent dangling bucket takeovers

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/best-practices-to-prevent-dangling-bucket-takeovers/ Source: Cloud Blog Title: Secure your storage: Best practices to prevent dangling bucket takeovers Feedly Summary: Storage buckets are where your data lives in the cloud. Much like digital real estate, these buckets are your own plot of land on the internet. When you move away and no longer need a specific…

The Register: Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons

Aug 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/04/mozilla_add_on_phishing/ Source: The Register Title: Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons Feedly Summary: Devs told to exercise ‘extreme caution’ with emails disguised as account update prompts Mozilla is warning of an ongoing phishing campaign targeting developers of Firefox add-ons.… AI Summary and Description: Yes Summary: Mozilla has issued a…

CSA: Homoglyph Attacks & Domain Squatting

Jul 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloudsecurityalliance.org/articles/homoglyph-attacks-domain-squatting-the-hidden-risk-to-your-brand Source: CSA Title: Homoglyph Attacks & Domain Squatting Feedly Summary: AI Summary and Description: Yes Summary: The text highlights the escalating threat posed by homoglyph-based domain squatting, emphasizing its potential impact on brand trust and cloud security. It underscores the need for proactive DNS posture management to detect and mitigate these risks,…

Cloud Blog: Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor

Jul 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/sonicwall-secure-mobile-access-exploitation-overstep-backdoor/ Source: Cloud Blog Title: Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor Feedly Summary: Written by: Josh Goddard, Zander Work, Dimiter Andonov Introduction Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall…

The Register: Crims hijacking fully patched SonicWall VPNs to deploy stealthy backdoor and rootkit

Jul 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/07/16/sonicwall_vpn_hijack/ Source: The Register Title: Crims hijacking fully patched SonicWall VPNs to deploy stealthy backdoor and rootkit Feedly Summary: Someone’s OVERSTEPing the mark Unknown miscreants are exploiting fully patched, end-of-life SonicWall VPNs to deploy a previously unknown backdoor and rootkit, likely for data theft and extortion, according to Google’s Threat Intelligence Group.… AI…

Tag: hijacking