keys – Page 4 – Experimental News Clipping Site

Schneier on Security: We Are Still Unable to Secure LLMs from Malicious Inputs

Aug 27, 2025

—

by

Source URL: https://www.schneier.com/blog/archives/2025/08/we-are-still-unable-to-secure-llms-from-malicious-inputs.html Source: Schneier on Security Title: We Are Still Unable to Secure LLMs from Malicious Inputs Feedly Summary: Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own…

The Register: Who are you again? Infosec experiencing ‘Identity crisis’ amid rising login attacks

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/27/ciscos_duo_identity_crisis/ Source: The Register Title: Who are you again? Infosec experiencing ‘Identity crisis’ amid rising login attacks Feedly Summary: Vendor insists passkeys are the future, but getting workers on board is proving difficult Infosec pros are losing confidence in their identity providers’ ability to keep attackers out, with Cisco-owned Duo warning that the…

Cloud Blog: Widespread Data Theft Targets Salesforce Instances via Salesloft Drift

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift/ Source: Cloud Blog Title: Widespread Data Theft Targets Salesforce Instances via Salesloft Drift Feedly Summary: Written by: Austin Larsen, Matt Lin, Tyler McLellan, Omar ElAhdan Introduction Google Threat Intelligence Group (GTIG) is issuing an advisory to alert organizations about a widespread data theft campaign, carried out by the actor tracked as UNC6395.…

The Cloudflare Blog: Beyond the ban: A better way to secure generative AI applications

Aug 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.cloudflare.com/ai-prompt-protection/ Source: The Cloudflare Blog Title: Beyond the ban: A better way to secure generative AI applications Feedly Summary: Generative AI tools present a trade-off of productivity and data risk. Cloudflare One’s new AI prompt protection feature provides the visibility and control needed to govern these tools, allowing AI Summary and Description: Yes…

The Register: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/amazon_quietly_fixed_q_developer_flaws/ Source: The Register Title: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Feedly Summary: Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to…

Cloud Blog: Going beyond basic data security with Google Cloud DSPM

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/going-beyond-dspm-to-protect-your-data-in-the-cloud-now-in-preview/ Source: Cloud Blog Title: Going beyond basic data security with Google Cloud DSPM Feedly Summary: In the age of data democratization and generative AI, the way organizations handle data has changed dramatically. This evolution creates opportunities — and security risks. The challenge for security teams isn’t just about protecting data; it’s about…

Cloud Blog: Announcing new capabilities for enabling defenders and securing AI innovation

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/security-summit-2025-enabling-defenders-and-securing-ai-innovation/ Source: Cloud Blog Title: Announcing new capabilities for enabling defenders and securing AI innovation Feedly Summary: AI presents an unprecedented opportunity for organizations to redefine their security posture and reduce the greatest amount of risk for the investment. From proactively finding zero-day vulnerabilities to processing vast amounts of threat intelligence data in…

Embrace The Red: Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-data-exfil-via-dns/ Source: Embrace The Red Title: Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection Feedly Summary: The next three posts will cover high severity vulnerabilities in the Amazon Q Developer VS Code Extension (Amazon Q), which is a very popular coding agent, with over 1 million downloads. It is vulnerable to…

Simon Willison’s Weblog: Google Gemini URL Context

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/18/google-gemini-url-context/ Source: Simon Willison’s Weblog Title: Google Gemini URL Context Feedly Summary: Google Gemini URL Context New feature in the Gemini API: you can now enable a url_context tool which the models can use to request the contents of URLs as part of replying to a prompt. I released llm-gemini 0.25 with a…

Cloud Blog: Now available: Cloud HSM as an encryption key service for Workspace client-side encryption

Aug 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/introducing-cloud-hsm-as-an-encryption-key-service-for-workspace-cse/ Source: Cloud Blog Title: Now available: Cloud HSM as an encryption key service for Workspace client-side encryption Feedly Summary: Organizations in highly-regulated sectors, such as government, defense, financial services, and healthcare, are required to meet stringent standards to safeguard sensitive data. Client-side encryption (CSE) for Google Workspace is a unique, privacy-preserving offering…

Tag: keys