Experimental News Clipping Site

Tag: malicious actors

  • The Register: In the rush to adopt hot new tech, security is often forgotten. AI is no exception

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/02/exposed_ollama_servers_insecure_research/ Source: The Register Title: In the rush to adopt hot new tech, security is often forgotten. AI is no exception Feedly Summary: Cisco finds hundreds of Ollama servers open to unauthorized access, creating various nasty risks Cisco’s Talos security research team has found over 1,100 Ollama servers exposed to the public internet,…

  • Embrace The Red: Wrap Up: The Month of AI Bugs

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/wrapping-up-month-of-ai-bugs/ Source: Embrace The Red Title: Wrap Up: The Month of AI Bugs Feedly Summary: That’s it. The Month of AI Bugs is done. There won’t be a post tomorrow, because I will be at PAX West. Overview of Posts ChatGPT: Exfiltrating Your Chat History and Memories With Prompt Injection | Video ChatGPT…

  • The Register: Crims laud Claude to plant ransomware and fake IT expertise

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/27/anthropic_security_report_flags_rogue/ Source: The Register Title: Crims laud Claude to plant ransomware and fake IT expertise Feedly Summary: AI lowers the bar for cybercrime, Anthropic admits comment Anthropic, a maker of AI tools, says that AI tools are now commonly used to commit cybercrime and facilitate remote worker fraud.… AI Summary and Description: Yes…

  • Simon Willison’s Weblog: Piloting Claude for Chrome

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Aug/26/piloting-claude-for-chrome/#atom-everything Source: Simon Willison’s Weblog Title: Piloting Claude for Chrome Feedly Summary: Piloting Claude for Chrome Two days ago I said: I strongly expect that the entire concept of an agentic browser extension is fatally flawed and cannot be built safely. Today Anthropic announced their own take on this pattern, implemented as an…

  • The Register: First AI-powered ransomware spotted, but it’s not active – yet

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/26/first_aipowered_ransomware_spotted_by/ Source: The Register Title: First AI-powered ransomware spotted, but it’s not active – yet Feedly Summary: Oh, look, a use case for OpenAI’s gpt-oss-20b model ESET malware researchers Anton Cherepanov and Peter Strycek have discovered what they describe as the “first known AI-powered ransomware," which they named PromptLock. … AI Summary and Description:…

  • Embrace The Red: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/aws-kiro-aribtrary-command-execution-with-indirect-prompt-injection/ Source: Embrace The Red Title: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection Feedly Summary: On the day AWS Kiro was released, I couldn’t resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt…

  • Schneier on Security: Encryption Backdoor in Military/Police Radios

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/08/encryption-backdoor-in-military-police-radios.html Source: Schneier on Security Title: Encryption Backdoor in Military/Police Radios Feedly Summary: I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities­—five in total—­in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The…

  • The Register: One long sentence is all it takes to make LLMs misbehave

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/26/breaking_llms_for_fun/ Source: The Register Title: One long sentence is all it takes to make LLMs misbehave Feedly Summary: Chatbots ignore their guardrails when your grammar sucks, researchers find Security researchers from Palo Alto Networks’ Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it’s…

  • Microsoft Security Blog: Think before you Click(Fix): Analyzing the ClickFix social engineering technique

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/ Source: Microsoft Security Blog Title: Think before you Click(Fix): Analyzing the ClickFix social engineering technique Feedly Summary: The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious…

  • The Register: Apple rushes out fix for active zero-day in iOS and macOS

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/21/apple_imageio_exploit/ Source: The Register Title: Apple rushes out fix for active zero-day in iOS and macOS Feedly Summary: Another ‘extremely sophisticated’ exploit chewing at Cupertino’s walled garden Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.……