Tag: permissions
-
Simon Willison’s Weblog: Cato CTRL™ Threat Research: PoC Attack Targeting Atlassian’s Model Context Protocol (MCP) Introduces New “Living off AI” Risk
Source URL: https://simonwillison.net/2025/Jun/19/atlassian-prompt-injection-mcp/ Source: Simon Willison’s Weblog Title: Cato CTRL™ Threat Research: PoC Attack Targeting Atlassian’s Model Context Protocol (MCP) Introduces New “Living off AI” Risk Feedly Summary: Cato CTRL™ Threat Research: PoC Attack Targeting Atlassian’s Model Context Protocol (MCP) Introduces New “Living off AI” Risk Stop me if you’ve heard this one before: A…
-
Slashdot: Microsoft 365 Brings the Shutters Down On Legacy Protocols
Source URL: https://it.slashdot.org/story/25/06/19/2046206/microsoft-365-brings-the-shutters-down-on-legacy-protocols?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Microsoft 365 Brings the Shutters Down On Legacy Protocols Feedly Summary: AI Summary and Description: Yes **Summary:** Microsoft 365 is set to enhance security by blocking legacy authentication protocols starting July 2025 as part of its “Secure by Default” initiative. This move aims to mitigate risks associated with vulnerable…
-
AWS News Blog: AWS re:Inforce roundup 2025: top announcements
Source URL: https://aws.amazon.com/blogs/aws/aws-reinforce-roundup-2025-top-announcements/ Source: AWS News Blog Title: AWS re:Inforce roundup 2025: top announcements Feedly Summary: At AWS re:Inforce 2025 (June 16-18, Philadelphia), AWS Vice President and Chief Information Security Officer Amy Herzog delivered the keynote address, announcing new security innovations. Throughout the event, AWS announced additional security capabilities focused on simplifying security at scale…
-
AWS Open Source Blog: Secure your Express application APIs in 5 minutes with Cedar
Source URL: https://aws.amazon.com/blogs/opensource/secure-your-application-apis-in-5-minutes-with-cedar/ Source: AWS Open Source Blog Title: Secure your Express application APIs in 5 minutes with Cedar Feedly Summary: Today, the open source Cedar project announced the release of authorization-for-expressjs, an open source package that simplifies using the Cedar policy language and authorization engine to verify application permissions. This release allows developers to…
-
AWS Open Source Blog: Introducing Cedar Analysis: Open Source Tools for Verifying Authorization Policies
Source URL: https://aws.amazon.com/blogs/opensource/introducing-cedar-analysis-open-source-tools-for-verifying-authorization-policies/ Source: AWS Open Source Blog Title: Introducing Cedar Analysis: Open Source Tools for Verifying Authorization Policies Feedly Summary: Today, we’re excited to announce Cedar Analysis, a new open source toolkit for developers that makes it easier for everyone to verify the behavior of their Cedar policies. Cedar is an open source authorization…
-
Bulletins: Vulnerability Summary for the Week of June 9, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-167 Source: Bulletins Title: Vulnerability Summary for the Week of June 9, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Acer–ControlCenter Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named…
-
CSA: AI Agents vs AI Chatbots: Understanding the Difference
Source URL: https://cloudsecurityalliance.org/articles/ai-agents-vs-ai-chatbots-understanding-the-difference Source: CSA Title: AI Agents vs AI Chatbots: Understanding the Difference Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the significant differences between AI chatbots and AI agents, particularly in terms of security implications associated with non-human identities (NHIs). It highlights that while chatbots are predictable and easier to…
-
Simon Willison’s Weblog: An Introduction to Google’s Approach to AI Agent Security
Source URL: https://simonwillison.net/2025/Jun/15/ai-agent-security/#atom-everything Source: Simon Willison’s Weblog Title: An Introduction to Google’s Approach to AI Agent Security Feedly Summary: Here’s another new paper on AI agent security: An Introduction to Google’s Approach to AI Agent Security, by Santiago Díaz, Christoph Kern, and Kara Olive. (I wrote about a different recent paper, Design Patterns for Securing…
-
Cloud Blog: Cloud CISO Perspectives: How Google secures AI Agents
Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-secures-ai-agents/ Source: Cloud Blog Title: Cloud CISO Perspectives: How Google secures AI Agents Feedly Summary: Welcome to the first Cloud CISO Perspectives for June 2025. Today, Anton Chuvakin, security advisor for Google Cloud’s Office of the CISO, discusses a new Google report on securing AI agents, and the new security paradigm they demand.As…
-
The Register: ‘Major compromise’ at NHS temping arm exposed gaping security holes
Source URL: https://www.theregister.com/2025/06/12/compromise_nhs_professionals/ Source: The Register Title: ‘Major compromise’ at NHS temping arm exposed gaping security holes Feedly Summary: Incident responders suggested sweeping improvements following Active Directory database heist Exclusive Cybercriminals broke into systems belonging to the UK’s NHS Professionals body in May 2024, stealing its Active Directory database, but the healthcare organization never publicly…