mitigating risks – Page 3 – Experimental News Clipping Site

The Register: Researcher who found McDonald’s free-food hack turns her attention to Chinese restaurant robots

Aug 29, 2025

—

by

Source URL: https://www.theregister.com/2025/08/29/pudu_robots_hackable/ Source: The Register Title: Researcher who found McDonald’s free-food hack turns her attention to Chinese restaurant robots Feedly Summary: The admin controls were left wide open on Pudu’s robots A researcher caught the world’s leading supplier of commercial service robots using shoddy admin security that let attackers redirect the delivery machines to…

The Register: Google and Zed push protocol to pry AI agents out of VS Code’s clutches

Aug 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/28/google_zed_acp/ Source: The Register Title: Google and Zed push protocol to pry AI agents out of VS Code’s clutches Feedly Summary: Because not every bot wants to live inside Microsoft’s walled garden Google and code editor company Zed Industries have introduced the Agent Client Protocol (ACP) as a standard way for AI agents…

The Cloudflare Blog: Best Practices for Securing Generative AI with SASE

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.cloudflare.com/best-practices-sase-for-ai/ Source: The Cloudflare Blog Title: Best Practices for Securing Generative AI with SASE Feedly Summary: This guide provides best practices for Security and IT leaders to securely adopt generative AI using Cloudflare’s SASE architecture as part of a strategy for AI Security Posture Management (AI-SPM). AI Summary and Description: Yes **Summary:** The…

Embrace The Red: Amp Code: Invisible Prompt Injection Fixed by Sourcegraph

Aug 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amp-code-fixed-invisible-prompt-injection/ Source: Embrace The Red Title: Amp Code: Invisible Prompt Injection Fixed by Sourcegraph Feedly Summary: In this post we will look at Amp, a coding agent from Sourcegraph. The other day we discussed how invisible instructions impact Google Jules. Turns out that many client applications are vulnerable to these kinds of attacks…

Docker: MCP Horror Stories: The GitHub Prompt Injection Data Heist

Aug 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/mcp-horror-stories-github-prompt-injection/ Source: Docker Title: MCP Horror Stories: The GitHub Prompt Injection Data Heist Feedly Summary: This is Part 3 of our MCP Horror Stories series, where we examine real-world security incidents that validate the critical vulnerabilities threatening AI infrastructure and demonstrate how Docker MCP Toolkit provides enterprise-grade protection. The Model Context Protocol (MCP)…

Unit 42: Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/ Source: Unit 42 Title: Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild Feedly Summary: CVE-2025-32433 allows for remote code execution in sshd for certain versions of Erlang programming language’s OTP. We reproduced this CVE and share our findings. The post Keys to the Kingdom: Erlang/OTP SSH…

Simon Willison’s Weblog: Quoting Ethan Mollick

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/9/ethan-mollick/#atom-everything Source: Simon Willison’s Weblog Title: Quoting Ethan Mollick Feedly Summary: The issue with GPT-5 in a nutshell is that unless you pay for model switching & know to use GPT-5 Thinking or Pro, when you ask “GPT-5” you sometimes get the best available AI & sometimes get one of the worst AIs…

Cloud Blog: Secure your storage: Best practices to prevent dangling bucket takeovers

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/best-practices-to-prevent-dangling-bucket-takeovers/ Source: Cloud Blog Title: Secure your storage: Best practices to prevent dangling bucket takeovers Feedly Summary: Storage buckets are where your data lives in the cloud. Much like digital real estate, these buckets are your own plot of land on the internet. When you move away and no longer need a specific…

Microsoft Security Blog: Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/06/sharing-practical-guidance-launching-microsoft-secure-future-initiative-sfi-patterns-and-practices/ Source: Microsoft Security Blog Title: Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices Feedly Summary: We’re excited to launch SFI patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale. This launch marks a next step in our journey to…

Unit 42: The Covert Operator’s Playbook: Infiltration of Global Telecom Networks

Jul 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/infiltration-of-global-telecom-networks/ Source: Unit 42 Title: The Covert Operator’s Playbook: Infiltration of Global Telecom Networks Feedly Summary: Recent activity targeting telecom infrastructure is assessed with high confidence to overlap with Liminal Panda activity. The actors used custom tools, tunneling and OPSEC tactics for stealth. The post The Covert Operator’s Playbook: Infiltration of Global Telecom…

Tag: mitigating risks