Experimental News Clipping Site

Tag: responsible disclosure

  • Hacker News: Show HN: GuMCP – Open-source MCP servers, hosted for free

    by

    Kurt Seifried
    in

    Source URL: https://github.com/gumloop/guMCP Source: Hacker News Title: Show HN: GuMCP – Open-source MCP servers, hosted for free Feedly Summary: Comments AI Summary and Description: Yes Summary: The Gumloop Unified Model Context Protocol (guMCP) is an open-source project designed to facilitate a community-driven collection of Model Context Protocol (MCP) servers. Its dual transport support and unified backend…

  • Hacker News: Next.js and the corrupt middleware: the authorizing artifact

    by

    Kurt Seifried
    in

    Source URL: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware Source: Hacker News Title: Next.js and the corrupt middleware: the authorizing artifact Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a critical security vulnerability discovered in Next.js, a widely used JavaScript framework, specifically regarding its middleware functionality. The vulnerability allows unauthorized access by manipulating request headers, which could…

  • Hacker News: ‘Uber for nurses’ exposes 86K+ medical records, PII via open S3 bucket

    by

    Kurt Seifried
    in

    Source URL: https://www.websiteplanet.com/news/eshyft-report-breach/ Source: Hacker News Title: ‘Uber for nurses’ exposes 86K+ medical records, PII via open S3 bucket Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant cybersecurity incident involving the exposure of a non-password-protected database belonging to ESHYFT, a healthtech company. The incident raises critical issues about privacy…

  • Hacker News: ESP32 Undocumented Bluetooth Commands: Clearing the Air

    by

    Kurt Seifried
    in

    Source URL: https://developer.espressif.com/blog/2025/03/esp32-bluetooth-clearing-the-air/ Source: Hacker News Title: ESP32 Undocumented Bluetooth Commands: Clearing the Air Feedly Summary: Comments AI Summary and Description: Yes Summary: The text addresses security concerns related to undocumented HCI commands in the ESP32 Bluetooth controller, dismissing claims of a backdoor while outlining the nature of these commands and their implications for security.…

  • Embrace The Red: Hacking Gemini’s Memory with Prompt Injection and Delayed Tool Invocation

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/ Source: Embrace The Red Title: Hacking Gemini’s Memory with Prompt Injection and Delayed Tool Invocation Feedly Summary: Imagine your AI rewriting your personal history… A while ago Google added memories to Gemini. Memories allow Gemini to store user-related data across sessions, storing information in long-term memory. The feature is only available to…

  • Hacker News: Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History

    by

    Kurt Seifried
    in

    Source URL: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak Source: Hacker News Title: Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a critical security vulnerability identified in DeepSeek’s publicly accessible ClickHouse database, which exposed sensitive information related to AI operations. Wiz Research’s responsible disclosure of an unprotected database…