Experimental News Clipping Site

Tag: mitigations

  • Schneier on Security: Daniel Miessler on the AI Attack/Defense Balance

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/10/daniel-miessler-on-the-ai-attack-defense-balance.html Source: Schneier on Security Title: Daniel Miessler on the AI Attack/Defense Balance Feedly Summary: His conclusion: Context wins Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or,…

  • The Register: ‘An attacker’s playground:’ Crims exploit GoAnywhere perfect-10 bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/26/an_apts_playground_goanywhere_perfect10/ Source: The Register Title: ‘An attacker’s playground:’ Crims exploit GoAnywhere perfect-10 bug Feedly Summary: Researchers say tens of thousands of instances remain publicly reachable Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra’s GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.……

  • Simon Willison’s Weblog: Cross-Agent Privilege Escalation: When Agents Free Each Other

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Sep/24/cross-agent-privilege-escalation/ Source: Simon Willison’s Weblog Title: Cross-Agent Privilege Escalation: When Agents Free Each Other Feedly Summary: Cross-Agent Privilege Escalation: When Agents Free Each Other Here’s a clever new form of AI exploit from Johann Rehberger, who has coined the term Cross-Agent Privilege Escalation to describe an attack where multiple coding agents – GitHub…

  • The Register: One token to pwn them all: Entra ID bug could have granted access to every tenant

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/19/microsoft_entra_id_bug/ Source: The Register Title: One token to pwn them all: Entra ID bug could have granted access to every tenant Feedly Summary: Until Microsoft lobbed it into a virtual volcano A security researcher claims to have found a flaw that could have handed him the keys to almost every Entra ID tenant…

  • OpenAI : Detecting and reducing scheming in AI models

    by

    Kurt Seifried
    in

    Source URL: https://openai.com/index/detecting-and-reducing-scheming-in-ai-models Source: OpenAI Title: Detecting and reducing scheming in AI models Feedly Summary: Apollo Research and OpenAI developed evaluations for hidden misalignment (“scheming”) and found behaviors consistent with scheming in controlled tests across frontier models. The team shared concrete examples and stress tests of an early method to reduce scheming. AI Summary and…

  • Google Online Security Blog: Supporting Rowhammer research to protect the DRAM ecosystem

    by

    Kurt Seifried
    in

    Source URL: http://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html Source: Google Online Security Blog Title: Supporting Rowhammer research to protect the DRAM ecosystem Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the Rowhammer vulnerability in DRAM memory, which allows attackers to manipulate memory cells leading to unauthorized access or data corruption. It highlights the inadequacy of current mitigations…

  • Slashdot: Apple Claims ‘Most Significant Upgrade to Memory Safety’ in OS History

    by

    Kurt Seifried
    in

    Source URL: https://apple.slashdot.org/story/25/09/14/228211/apple-claims-most-significant-upgrade-to-memory-safety-in-os-history?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Apple Claims ‘Most Significant Upgrade to Memory Safety’ in OS History Feedly Summary: AI Summary and Description: Yes Summary: Apple has introduced a groundbreaking security feature called Memory Integrity Enforcement (MIE) in its latest devices, which significantly enhances memory safety and aims to defend against sophisticated spyware attacks. This…

  • The Register: Boffins build automated Android bug hunting system

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/04/boffins_build_automated_android_bug_hunting/ Source: The Register Title: Boffins build automated Android bug hunting system Feedly Summary: AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to…

  • Schneier on Security: Indirect Prompt Injection Attacks Against LLM Assistants

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/09/indirect-prompt-injection-attacks-against-llm-assistants.html Source: Schneier on Security Title: Indirect Prompt Injection Attacks Against LLM Assistants Feedly Summary: Really good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks,…