Tag: information security

Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…

Embrace The Red: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection

Aug 20, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/ Source: Embrace The Red Title: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead…

The Register: Intel ghosts researcher who found web apps spilled 270K staff records

Aug 20, 2025

—

by

Source URL: https://www.theregister.com/2025/08/20/intel_website_flaws/ Source: The Register Title: Intel ghosts researcher who found web apps spilled 270K staff records Feedly Summary: Chipzilla quietly fixed the problems without responding to the person who found them Security boffin Eaton Zveare has highlighted some serious holes in the online infrastructure of chip giant Intel – walking through services with…

The Register: Don’t want drive-by Ollama attackers snooping on your local chats? Patch now

—

by

Source URL: https://www.theregister.com/2025/08/19/ollama_driveby_attack/ Source: The Register Title: Don’t want drive-by Ollama attackers snooping on your local chats? Patch now Feedly Summary: Reconfigure local app settings via a ‘simple’ POST request A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people’s personal…

Krebs on Security: Oregon Man Charged in ‘Rapper Bot’ DDoS Service

—

by

Source URL: https://krebsonsecurity.com/2025/08/oregon-man-charged-in-rapper-bot-ddos-service/ Source: Krebs on Security Title: Oregon Man Charged in ‘Rapper Bot’ DDoS Service Feedly Summary: A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot," a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked…

The Register: Uncle Sam asks industry if it has AI that’ll make procurement suck less

—

by

Source URL: https://www.theregister.com/2025/08/19/us_government_ai_procurement/ Source: The Register Title: Uncle Sam asks industry if it has AI that’ll make procurement suck less Feedly Summary: Plan includes chatbots ‘with full user context and data access’ – what could go wrong? US government buyers have been busy getting AI into the hands of federal agencies, and now they’re taking…

Cisco Talos Blog: Ransomware incidents in Japan during the first half of 2025

—

by

Source URL: https://blog.talosintelligence.com/ransomware_incidents_in_japan_during_the_first_half_of_2025/ Source: Cisco Talos Blog Title: Ransomware incidents in Japan during the first half of 2025 Feedly Summary: Ransomware attackers continue to primarily target small and medium-sized manufacturing businesses in Japan. AI Summary and Description: Yes Summary: The text provides an in-depth analysis of the rise in ransomware attacks in Japan during the…

Slashdot: US Spy Chief Gabbard Says UK Agreed To Drop ‘Backdoor’ Mandate for Apple

—

by

Source URL: https://apple.slashdot.org/story/25/08/19/0345252/us-spy-chief-gabbard-says-uk-agreed-to-drop-backdoor-mandate-for-apple?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: US Spy Chief Gabbard Says UK Agreed To Drop ‘Backdoor’ Mandate for Apple Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a recent development in the UK’s approach to encryption and security, specifically regarding Apple and its iCloud data. The intervention by the Trump administration highlights…

The Register: GenAI FOMO has spurred businesses to light nearly $40 billion on fire

Aug 18, 2025

—

by