potential exploits – Experimental News Clipping Site

The Register: Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets

Sep 11, 2025

—

by

Source URL: https://www.theregister.com/2025/09/11/vmscape_spectre_vulnerability/ Source: The Register Title: Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets Feedly Summary: AMD Zen hardware and Intel Coffee Lake affected If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and…

Embrace The Red: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/aws-kiro-aribtrary-command-execution-with-indirect-prompt-injection/ Source: Embrace The Red Title: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection Feedly Summary: On the day AWS Kiro was released, I couldn’t resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt…

The Register: One long sentence is all it takes to make LLMs misbehave

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/26/breaking_llms_for_fun/ Source: The Register Title: One long sentence is all it takes to make LLMs misbehave Feedly Summary: Chatbots ignore their guardrails when your grammar sucks, researchers find Security researchers from Palo Alto Networks’ Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it’s…

The Register: Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/19/apache_activemq_patch_malware/ Source: The Register Title: Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in Feedly Summary: Intruders hoped no one would notice their presence Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux…

The Cloudflare Blog: MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.cloudflare.com/madeyoureset-an-http-2-vulnerability-thwarted-by-rapid-reset-mitigations/ Source: The Cloudflare Blog Title: MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations Feedly Summary: A new HTTP/2 denial-of-service (DoS) vulnerability called MadeYouReset was recently disclosed by security researchers. Cloudflare HTTP DDoS mitigation, already protects from MadeYouReset. AI Summary and Description: Yes Summary: The text discusses a newly identified HTTP/2 DoS…

The Register: Russia’s RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/11/russias_romcom_among_those_exploiting/ Source: The Register Title: Russia’s RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks Feedly Summary: A few weeks earlier ‘zeroplayer’ advertised an $80K WinRAR 0-day exploit Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.… AI Summary and Description:…

Wired: Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.wired.com/story/google-gemini-calendar-invite-hijack-smart-home/ Source: Wired Title: Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home Feedly Summary: For likely the first time ever, security researchers have shown how AI can be hacked to create real world havoc, allowing them to turn off lights, open smart shutters, and more.…

Slashdot: VMware Prevents Some Perpetual License Holders From Downloading Patches

Jul 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://tech.slashdot.org/story/25/07/24/0125217/vmware-prevents-some-perpetual-license-holders-from-downloading-patches?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: VMware Prevents Some Perpetual License Holders From Downloading Patches Feedly Summary: AI Summary and Description: Yes Summary: The text highlights significant security implications for customers of Broadcom’s VMware business due to limited access to security patches for users with perpetual licenses lacking current support contracts. This impacts their security…

Cisco Talos Blog: Patch, track, repeat

Jul 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/patch-track-repeat/ Source: Cisco Talos Blog Title: Patch, track, repeat Feedly Summary: Thorsten takes stock of a rapidly evolving vulnerability landscape: record-setting CVE publication rates, the growing fragmentation of reporting systems, and why consistent tracking and patching remain critical as we move through 2025. AI Summary and Description: Yes Summary: The text provides insights…

Cisco Talos Blog: Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities

Jul 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/microsoft-patch-tuesday-july-2025/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities Feedly Summary: Microsoft has released its monthly security update for July 2025, which includes 132 vulnerabilities affecting a range of products, including 14 that Microsoft marked as “critical.” AI Summary and Description: Yes **Summary:** The…

Tag: potential exploits