Experimental News Clipping Site

Tag: potential exploits

  • Hacker News: Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/18/microsoft_trend_flaw/ Source: Hacker News Title: Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a vulnerability identified by Trend Micro that has been exploited in a prolonged espionage campaign, highlighting Microsoft’s response (or lack thereof) to the issue. It underscores the…

  • Embrace The Red: Sneaky Bits: Advanced Data Smuggling Techniques (ASCII Smuggler Updates)

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/sneaky-bits-and-ascii-smuggler/ Source: Embrace The Red Title: Sneaky Bits: Advanced Data Smuggling Techniques (ASCII Smuggler Updates) Feedly Summary: You are likely aware of ASCII Smuggling via Unicode Tags. It is unique and fascinating because many LLMs inherently interpret these as instructions when delivered as hidden prompt injection, and LLMs can also emit them. Then,…

  • The Register: MINJA sneak attack poisons AI models for other chatbot users

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/11/minja_attack_poisons_ai_model_memory/ Source: The Register Title: MINJA sneak attack poisons AI models for other chatbot users Feedly Summary: Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it AI models with memory aim to enhance user interactions by recalling past engagements. However, this feature opens the door…

  • The Register: VMware patches guest-to-hypervisor escape flaws already under attack

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/04/vmware_plugs_three_hypervisorhijack_holes/ Source: The Register Title: VMware patches guest-to-hypervisor escape flaws already under attack Feedly Summary: The heap overflow in the memory unsafe code by Miss Creant Broadcom today pushed out patches for three VMware hypervisor-hijacking bugs, including one rated critical, that have already been found and exploited by criminals.… AI Summary and Description:…

  • Cisco Talos Blog: Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/february-patch-tuesday-release/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities Feedly Summary: Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as “moderate". The remaining vulnerabilities listed are classified…

  • Alerts: CISA Releases Nine Industrial Control Systems Advisories

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/02/04/cisa-releases-nine-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Nine Industrial Control Systems Advisories Feedly Summary: CISA released nine Industrial Control Systems (ICS) advisories on February 4, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-035-01 Western Telematic Inc NPS Series, DSM Series, CPM Series ICSA-25-035-02 Rockwell Automation 1756-L8zS3…

  • Hacker News: Sound & Efficient Generation of DOP Exploits via Programming Language Synthesis [pdf]

    by

    Kurt Seifried
    in

    Source URL: https://ilyasergey.net/assets/pdf/papers/doppler-usenix25.pdf Source: Hacker News Title: Sound & Efficient Generation of DOP Exploits via Programming Language Synthesis [pdf] Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a novel approach to generating data-oriented exploits through a technique called Programming Language Synthesis (PLS). This method improves the efficiency and soundness of exploit…

  • Alerts: CISA Releases Eight Industrial Control Systems Advisories

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/30/cisa-releases-eight-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Eight Industrial Control Systems Advisories Feedly Summary: CISA released eight Industrial Control Systems (ICS) advisories on January 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-030-01 Hitachi Energy UNEM ICSA-25-030-02 New Rock Technologies Cloud Connected Devices ICSA-25-030-03 Schneider Electric…

  • Cisco Talos Blog: Whatsup Gold, Observium and Offis vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/whatsup-gold-observium-offis-vulnerabilities/ Source: Cisco Talos Blog Title: Whatsup Gold, Observium and Offis vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold.   These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications…