Tag: injection
-
The Register: Google declares AI bug hunting season open, sets a $30K max reward
Source URL: https://www.theregister.com/2025/10/07/google_ai_bug_bounty/ Source: The Register Title: Google declares AI bug hunting season open, sets a $30K max reward Feedly Summary: Jailbreaks, direct prompt injection not allowed Google on Monday rolled out a new AI Vulnerability Reward Program to encourage researchers to find and report flaws in its AI systems, with rewards of up to…
-
Cisco Talos Blog: Too salty to handle: Exposing cases of CSS abuse for hidden text salting
Source URL: https://blog.talosintelligence.com/too-salty-to-handle-exposing-cases-of-css-abuse-for-hidden-text-salting/ Source: Cisco Talos Blog Title: Too salty to handle: Exposing cases of CSS abuse for hidden text salting Feedly Summary: A simple yet effective tactic, known as hidden text salting, is increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered…
-
Microsoft Security Blog: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/ Source: Microsoft Security Blog Title: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Feedly Summary: Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. We are publishing this…
-
Microsoft Security Blog: Empowering defenders in the era of agentic AI with Microsoft Sentinel
Source URL: https://www.microsoft.com/en-us/security/blog/2025/09/30/empowering-defenders-in-the-era-of-agentic-ai-with-microsoft-sentinel/ Source: Microsoft Security Blog Title: Empowering defenders in the era of agentic AI with Microsoft Sentinel Feedly Summary: Microsoft Sentinel is expanding into an agentic platform with general availability of the Sentinel data lake, and the public preview of Sentinel graph and Sentinel Model Context Protocol (MCP) server. The post Empowering defenders in the era of…
-
Schneier on Security: Abusing Notion’s AI Agent for Data Theft
Source URL: https://www.schneier.com/blog/archives/2025/09/abusing-notions-ai-agent-for-data-theft.html Source: Schneier on Security Title: Abusing Notion’s AI Agent for Data Theft Feedly Summary: Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willson’s lethal trifecta, it’s vulnerable to data theft though prompt injection. First, the trifecta: The lethal trifecta of capabilities is: Access to your private…