Experimental News Clipping Site

Tag: injection

  • The Register: Critical, make-me-super-user SAP S/4HANA bug under active exploitation

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/05/critical_sap_s4hana_bug_exploited/ Source: The Register Title: Critical, make-me-super-user SAP S/4HANA bug under active exploitation Feedly Summary: 9.9-rated flaw on the loose, so patch now A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.… AI Summary and Description: Yes…

  • Schneier on Security: Indirect Prompt Injection Attacks Against LLM Assistants

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/09/indirect-prompt-injection-attacks-against-llm-assistants.html Source: Schneier on Security Title: Indirect Prompt Injection Attacks Against LLM Assistants Feedly Summary: Really good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks,…

  • Embrace The Red: Wrap Up: The Month of AI Bugs

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/wrapping-up-month-of-ai-bugs/ Source: Embrace The Red Title: Wrap Up: The Month of AI Bugs Feedly Summary: That’s it. The Month of AI Bugs is done. There won’t be a post tomorrow, because I will be at PAX West. Overview of Posts ChatGPT: Exfiltrating Your Chat History and Memories With Prompt Injection | Video ChatGPT…

  • Embrace The Red: AgentHopper: An AI Virus Research Project

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/agenthopper-a-poc-ai-virus/ Source: Embrace The Red Title: AgentHopper: An AI Virus Research Project Feedly Summary: As part of the Month of AI Bugs, serious vulnerabilities that allow remote code execution via indirect prompt injection were discovered. There was a period of a few weeks where multiple arbitrary code execution vulnerabilities existed in popular agents,…

  • Slashdot: Defense Department Reportedly Relies On Utility Written by Russian Dev

    by

    Kurt Seifried
    in

    Source URL: https://tech.slashdot.org/story/25/08/27/2026245/defense-department-reportedly-relies-on-utility-written-by-russian-dev?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Defense Department Reportedly Relies On Utility Written by Russian Dev Feedly Summary: AI Summary and Description: Yes Summary: The article highlights concerns over the fast-glob utility, widely used in Node.js applications, particularly within U.S. Department of Defense systems. Maintained by a Russian developer with ties to Yandex, the lack…

  • Simon Willison’s Weblog: Quoting Bruce Schneier

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Aug/27/bruce-schneier/#atom-everything Source: Simon Willison’s Weblog Title: Quoting Bruce Schneier Feedly Summary: We simply don’t know to defend against these attacks. We have zero agentic AI systems that are secure against these attacks. Any AI that is working in an adversarial environment—and by this I mean that it may encounter untrusted training data or…