injections – Page 2 – Experimental News Clipping Site

Simon Willison’s Weblog: My Lethal Trifecta talk at the Bay Area AI Security Meetup

Aug 9, 2025

—

by

Source URL: https://simonwillison.net/2025/Aug/9/bay-area-ai/#atom-everything Source: Simon Willison’s Weblog Title: My Lethal Trifecta talk at the Bay Area AI Security Meetup Feedly Summary: I gave a talk on Wednesday at the Bay Area AI Security Meetup about prompt injection, the lethal trifecta and the challenges of securing systems that use MCP. It wasn’t recorded but I’ve created…

Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…

CSA: How to Spot and Stop E-Skimming

Jul 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.vikingcloud.com/blog/how-to-spot-and-stop-e-skimming-before-it-hijacks-your-customers–and-your-credibility Source: CSA Title: How to Spot and Stop E-Skimming Feedly Summary: AI Summary and Description: Yes Summary: The text explores the growing threat of e-skimming attacks on e-commerce platforms, detailing how cybercriminals exploit JavaScript injections to harvest payment data. It emphasizes the critical need for compliance with PCI DSS v4.x to mitigate…

CSA: Copilot Studio: AIjacking Leads to Data Exfiltration

Jul 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloudsecurityalliance.org/articles/a-copilot-studio-story-2-when-aijacking-leads-to-full-data-exfiltration Source: CSA Title: Copilot Studio: AIjacking Leads to Data Exfiltration Feedly Summary: AI Summary and Description: Yes Summary: The text discusses significant vulnerabilities in AI agents, particularly focusing on prompt injection attacks that led to unauthorized access and exfiltration of sensitive data. It provides a case study involving a customer service agent…

The Register: Scholars sneaking phrases into papers to fool AI reviewers

Jul 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/07/07/scholars_try_to_fool_llm_reviewers/ Source: The Register Title: Scholars sneaking phrases into papers to fool AI reviewers Feedly Summary: Using prompt injections to play a Jedi mind trick on LLMs A handful of international computer science researchers appear to be trying to influence AI reviews with a new class of prompt injection attack.… AI Summary and…

Schneier on Security: Hiding Prompt Injections in Academic Papers

Jul 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/07/hiding-prompt-injections-in-academic-papers.html Source: Schneier on Security Title: Hiding Prompt Injections in Academic Papers Feedly Summary: Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japan’s Waseda University, South Korea’s KAIST, China’s Peking University and the National University…

Bulletins: Vulnerability Summary for the Week of June 23, 2025

Jun 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-181 Source: Bulletins Title: Vulnerability Summary for the Week of June 23, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 70mai–M300 A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet…

CSA: Primer on Model Context Protocol (MCP) Implementation

Jun 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloudsecurityalliance.org/articles/a-primer-on-model-context-protocol-mcp-secure-implementation Source: CSA Title: Primer on Model Context Protocol (MCP) Implementation Feedly Summary: AI Summary and Description: Yes **Summary:** The text serves as a comprehensive implementation guide for deploying the Model Context Protocol (MCP) with a security-focused lens, emphasizing threat modeling using the MAESTRO framework. It offers practical insights into building secure Large…

AWS News Blog: New AWS Shield feature discovers network security issues before they can be exploited (Preview)

Jun 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://aws.amazon.com/blogs/aws/new-aws-shield-feature-discovers-network-security-issues-before-they-can-be-exploited-preview/ Source: AWS News Blog Title: New AWS Shield feature discovers network security issues before they can be exploited (Preview) Feedly Summary: Shield network security posture management automatically discovers and analyzes network resources across AWS accounts, prioritizes security risks based on AWS best practices, and provides actionable remediation recommendations to protect applications against…

Bulletins: Vulnerability Summary for the Week of June 9, 2025

Jun 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-167 Source: Bulletins Title: Vulnerability Summary for the Week of June 9, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Acer–ControlCenter Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named…

Tag: injections