Experimental News Clipping Site

Tag: manipulation

  • Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…

  • OpenAI : Estimating worst case frontier risks of open weight LLMs

    by

    Kurt Seifried
    in

    Source URL: https://openai.com/index/estimating-worst-case-frontier-risks-of-open-weight-llms Source: OpenAI Title: Estimating worst case frontier risks of open weight LLMs Feedly Summary: In this paper, we study the worst-case frontier risks of releasing gpt-oss. We introduce malicious fine-tuning (MFT), where we attempt to elicit maximum capabilities by fine-tuning gpt-oss to be as capable as possible in two domains: biology and…

  • Embrace The Red: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/amp-agents-that-modify-system-configuration-and-escape/ Source: Embrace The Red Title: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed Feedly Summary: Sandbox-escape-style attacks can happen when an AI is able to modify its own configuration settings, such as by writing to configuration files. That was the case with Amp, an agentic coding tool built by Sourcegraph. The…

  • Slashdot: In Search of Riches, Hackers Plant 4G-Enabled Raspberry Pi In Bank Network

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/07/31/2241259/in-search-of-riches-hackers-plant-4g-enabled-raspberry-pi-in-bank-network?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: In Search of Riches, Hackers Plant 4G-Enabled Raspberry Pi In Bank Network Feedly Summary: AI Summary and Description: Yes Summary: The text highlights a sophisticated cyber-physical attack by the group UNC2891, which involved planting a 4G-enabled Raspberry Pi within a bank’s ATM network. Utilizing advanced malware and techniques for…

  • CSA: Quishing is Here, and It’s Hiding in Plain Sight

    by

    Kurt Seifried
    in

    Source URL: https://cloudsecurityalliance.org/articles/quishing-is-here-and-it-s-hiding-in-plain-sight Source: CSA Title: Quishing is Here, and It’s Hiding in Plain Sight Feedly Summary: AI Summary and Description: Yes **Summary:** The text highlights the emerging threat of “quishing,” where malicious QR codes deceive users into accessing phishing sites. It emphasizes the ease with which attackers can exploit public spaces, the low-security environments,…

  • Slashdot: Google Gemini Deletes User’s Files, Then Just Admits ‘I Have Failed You Completely and Catastrophically’

    by

    Kurt Seifried
    in

    Source URL: https://developers.slashdot.org/story/25/07/26/0642239/google-gemini-deletes-users-files-then-just-admits-i-have-failed-you-completely-and-catastrophically?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google Gemini Deletes User’s Files, Then Just Admits ‘I Have Failed You Completely and Catastrophically’ Feedly Summary: AI Summary and Description: Yes Summary: The reported incident involving Google Gemini’s coding agent highlights significant concerns about the reliability and safety of AI-driven coding tools, particularly in terms of data management…

  • CSA: Businesses are Unprepared for Next Wave of AI Scams

    by

    Kurt Seifried
    in

    Source URL: https://www.vikingcloud.com/blog/why-businesses-are-unprepared-for-the-next-wave-of-ai-scams Source: CSA Title: Businesses are Unprepared for Next Wave of AI Scams Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the rising threat of deepfake audio fraud enabled by AI, highlighting the inadequacy of businesses in responding to this danger. It emphasizes the need for proactive measures, such as…

  • The Cloudflare Blog: Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770

    by

    Kurt Seifried
    in

    Source URL: https://blog.cloudflare.com/cloudflare-protects-against-critical-sharepoint-vulnerability-cve-2025-53770/ Source: The Cloudflare Blog Title: Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770 Feedly Summary: Microsoft disclosed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, that are exploited to attack SharePoint servers. AI Summary and Description: Yes **Summary:** The text discusses the critical CVE-2025-53770 vulnerability in Microsoft SharePoint that allows remote code execution and highlights…