Experimental News Clipping Site

Tag: injection

  • Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/02/04/cisa-adds-four-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability CVE-2018-19410 Paessler PRTG Network…

  • Bulletins: Vulnerability Summary for the Week of January 27, 2025

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb25-034 Source: Bulletins Title: Vulnerability Summary for the Week of January 27, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 0xPolygonZero–plonky2  Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always…

  • Wired: DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot

    by

    Kurt Seifried
    in

    Source URL: https://www.wired.com/story/deepseeks-ai-jailbreak-prompt-injection-attacks/ Source: Wired Title: DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot Feedly Summary: Security researchers tested 50 well-known jailbreaks against DeepSeek’s popular new AI chatbot. It didn’t stop a single one. AI Summary and Description: Yes Summary: The text highlights the ongoing battle between hackers and security researchers…

  • The Register: Google to Iran: Yes, we see you using Gemini for phishing and scripting. We’re onto you

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/31/state_spies_google_gemini/ Source: The Register Title: Google to Iran: Yes, we see you using Gemini for phishing and scripting. We’re onto you Feedly Summary: And you, China, Russia, North Korea … Guardrails block malware generation Google says it’s spotted Chinese, Russian, Iranian, and North Korean government agents using its Gemini AI for nefarious purposes,…

  • The Register: VMware plugs steal-my-credentials holes in Cloud Foundation

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/30/vmware_infomration_disclosure_flaws/ Source: The Register Title: VMware plugs steal-my-credentials holes in Cloud Foundation Feedly Summary: Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom’s virtualization giant Broadcom has fixed five flaws, collectively deemed “high severity," in VMware’s IT operations and log management tools within Cloud Foundation, including two information disclosure bugs…

  • Simon Willison’s Weblog: How we estimate the risk from prompt injection attacks on AI systems

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Jan/29/prompt-injection-attacks-on-ai-systems/ Source: Simon Willison’s Weblog Title: How we estimate the risk from prompt injection attacks on AI systems Feedly Summary: How we estimate the risk from prompt injection attacks on AI systems The “Agentic AI Security Team" at Google DeepMind share some details on how they are researching indirect prompt injection attacks. They…

  • Cisco Talos Blog: Whatsup Gold, Observium and Offis vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/whatsup-gold-observium-offis-vulnerabilities/ Source: Cisco Talos Blog Title: Whatsup Gold, Observium and Offis vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold.   These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications…

  • The Register: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/29/ddos_attacks_aquabot_mitel/ Source: The Register Title: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet Feedly Summary: And now you won’t stop calling me, I’m kinda busy A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled…

  • Cloud Blog: Adversarial Misuse of Generative AI

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-generative-ai/ Source: Cloud Blog Title: Adversarial Misuse of Generative AI Feedly Summary: Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language…

  • Google Online Security Blog: How we estimate the risk from prompt injection attacks on AI systems

    by

    Kurt Seifried
    in

    Source URL: https://security.googleblog.com/2025/01/how-we-estimate-risk-from-prompt.html Source: Google Online Security Blog Title: How we estimate the risk from prompt injection attacks on AI systems Feedly Summary: AI Summary and Description: Yes Summary: The text discusses emerging security challenges in modern AI systems, specifically focusing on a class of attacks called “indirect prompt injection.” It presents a comprehensive evaluation…