Tag: injection
-
Embrace The Red: Google Jules is Vulnerable To Invisible Prompt Injection
Source URL: https://embracethered.com/blog/posts/2025/google-jules-invisible-prompt-injection/ Source: Embrace The Red Title: Google Jules is Vulnerable To Invisible Prompt Injection Feedly Summary: The latest Gemini models quite reliably interpret hidden Unicode Tag characters as instructions. This vulnerability, first reported to Google over a year ago, has not been mitigated at the model or API level, hence now affects all…
-
Embrace The Red: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
Source URL: https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/ Source: Embrace The Red Title: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) Feedly Summary: This post is about an important, but also scary, prompt injection discovery that leads to full system compromise of the developer’s machine in GitHub Copilot and VS Code. It is achieved by placing Copilot into YOLO…
-
Slashdot: Sloppy AI Defenses Take Cybersecurity Back To the 1990s, Researchers Say
Source URL: https://it.slashdot.org/story/25/08/12/2037200/sloppy-ai-defenses-take-cybersecurity-back-to-the-1990s-researchers-say Source: Slashdot Title: Sloppy AI Defenses Take Cybersecurity Back To the 1990s, Researchers Say Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the significant security risks associated with artificial intelligence, particularly at the Black Hat USA 2025 conference. As AI technologies such as large language models become prevalent, they…
-
Docker: Building AI agents made easy with Goose and Docker
Source URL: https://www.docker.com/blog/building-ai-agents-with-goose-and-docker/ Source: Docker Title: Building AI agents made easy with Goose and Docker Feedly Summary: Building AI agents can be a complex task. But it also can be a fairly simple combination of answers to the following questions: What is the AI backend that powers my intelligent fuzzy computation? What tools do you…
-
Embrace The Red: Claude Code: Data Exfiltration with DNS Requests
Source URL: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/ Source: Embrace The Red Title: Claude Code: Data Exfiltration with DNS Requests Feedly Summary: Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g.…
-
Embrace The Red: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution
Source URL: https://embracethered.com/blog/posts/2025/openhands-remote-code-execution-zombai/ Source: Embrace The Red Title: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution Feedly Summary: Today we have another post about OpenHands from All Hands AI. It is a popular agent, initially named “OpenDevin”, and recently the company also provides a cloud-based service. Which is all pretty cool and exciting. Prompt…