Tag: injection
-
Simon Willison’s Weblog: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot
Source URL: https://simonwillison.net/2025/Jun/11/echoleak/ Source: Simon Willison’s Weblog Title: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot Feedly Summary: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is…
-
CSA: Exploiting Trusted AI: GPTs in Cyberattacks
Source URL: https://abnormal.ai/blog/how-attackers-exploit-trusted-ai-tools Source: CSA Title: Exploiting Trusted AI: GPTs in Cyberattacks Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the emergence of malicious AI, particularly focusing on how generative pre-trained transformers (GPTs) are being exploited by cybercriminals. It highlights the potential risks posed by these technologies, including sophisticated fraud tactics and…
-
Simon Willison’s Weblog: The last year six months in LLMs, illustrated by pelicans on bicycles
Source URL: https://simonwillison.net/2025/Jun/6/six-months-in-llms/#atom-everything Source: Simon Willison’s Weblog Title: The last year six months in LLMs, illustrated by pelicans on bicycles Feedly Summary: I presented an invited keynote at the AI Engineer World’s Fair in San Francisco this week. This is my third time speaking at the event – here’s my talks from October 2023 and…
-
Simon Willison’s Weblog: Codex agent internet access
Source URL: https://simonwillison.net/2025/Jun/3/codex-agent-internet-access/ Source: Simon Willison’s Weblog Title: Codex agent internet access Feedly Summary: Codex agent internet access Sam Altman, just now: codex gets access to the internet today! it is off by default and there are complex tradeoffs; people should read about the risks carefully and use when it makes sense. This is the…
-
Bulletins: Vulnerability Summary for the Week of May 26, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-153 Source: Bulletins Title: Vulnerability Summary for the Week of May 26, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Daily College Class Work Report Book A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Affected is…
-
Cloud Blog: Mark Your Calendar: APT41 Innovative Tactics
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics/ Source: Cloud Blog Title: Mark Your Calendar: APT41 Innovative Tactics Feedly Summary: Written by: Patrick Whitsell Google Threat Intelligence Group’s (GTIG) mission is to protect Google’s billions of users and Google’s multitude of products and services. In late October 2024, GTIG discovered an exploited government website hosting malware being used to target…
-
Simon Willison’s Weblog: GitHub MCP Exploited: Accessing private repositories via MCP
Source URL: https://simonwillison.net/2025/May/26/github-mcp-exploited/#atom-everything Source: Simon Willison’s Weblog Title: GitHub MCP Exploited: Accessing private repositories via MCP Feedly Summary: GitHub MCP Exploited: Accessing private repositories via MCP GitHub’s official MCP server grants LLMs a whole host of new abilities, including being able to read and issues in repositories the user has access to and submit new…
-
Simon Willison’s Weblog: System Card: Claude Opus 4 & Claude Sonnet 4
Source URL: https://simonwillison.net/2025/May/25/claude-4-system-card/#atom-everything Source: Simon Willison’s Weblog Title: System Card: Claude Opus 4 & Claude Sonnet 4 Feedly Summary: System Card: Claude Opus 4 & Claude Sonnet 4 Direct link to a PDF on Anthropic’s CDN because they don’t appear to have a landing page anywhere for this document. Anthropic’s system cards are always worth…
-
Slashdot: MCP Will Be Built Into Windows To Make an ‘Agentic OS’ – Bringing Security Concerns
Source URL: https://tech.slashdot.org/story/25/05/24/1740221/mcp-will-be-built-into-windows-to-make-an-agentic-os—bringing-security-concerns?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: MCP Will Be Built Into Windows To Make an ‘Agentic OS’ – Bringing Security Concerns Feedly Summary: AI Summary and Description: Yes Summary: The text discusses Microsoft’s plans to integrate the Model Connectivity Protocol (MCP) into Windows, highlighting its potential for improving automation in AI applications but also raising…
-
Simon Willison’s Weblog: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
Source URL: https://simonwillison.net/2025/May/23/remote-prompt-injection-in-gitlab-duo/ Source: Simon Willison’s Weblog Title: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft Feedly Summary: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft Yet another example of the classic Markdown image exfiltration attack, this time affecting GitLab Duo – GitLab’s chatbot. Omer Mayraz reports on how…