Tag: robust security practices
-
The Register: More packages poisoned in npm attack, but would-be crypto thieves left pocket change
Source URL: https://www.theregister.com/2025/09/09/npm_supply_chain_attack/ Source: The Register Title: More packages poisoned in npm attack, but would-be crypto thieves left pocket change Feedly Summary: Miscreants cost victims time rather than money During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages reached one in 10 cloud environments, according to Wiz…
-
Slashdot: Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts
Source URL: https://slashdot.org/story/25/08/22/1515238/coinbase-reverses-remote-first-policy-after-north-korean-infiltration-attempts?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts Feedly Summary: AI Summary and Description: Yes Summary: The text highlights the increasing security vulnerabilities associated with remote work policies, particularly in sensitive roles within cryptocurrency firms. It emphasizes the proactive measures taken by Coinbase to mitigate these risks, including…
-
Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets
Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…
-
Embrace The Red: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/ Source: Embrace The Red Title: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead…
-
Embrace The Red: Data Exfiltration via Image Rendering Fixed in Amp Code
Source URL: https://embracethered.com/blog/posts/2025/amp-code-fixed-data-exfiltration-via-images/ Source: Embrace The Red Title: Data Exfiltration via Image Rendering Fixed in Amp Code Feedly Summary: In this post we discuss a vulnerability that was present in Amp Code from Sourcegraph by which an attacker could exploit markdown driven image rendering to exfiltrate sensitive information. This vulnerability is common in AI applications…
-
Docker: A practitioner’s view on how Docker enables security by default and makes developers work better
Source URL: https://www.docker.com/blog/how-docker-enables-security-by-default/ Source: Docker Title: A practitioner’s view on how Docker enables security by default and makes developers work better Feedly Summary: This blog post was written by Docker Captains, experienced professionals recognized for their expertise with Docker. It shares their firsthand, real-world experiences using Docker in their own work or within the organizations…
-
The Cloudflare Blog: MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations
Source URL: https://blog.cloudflare.com/madeyoureset-an-http-2-vulnerability-thwarted-by-rapid-reset-mitigations/ Source: The Cloudflare Blog Title: MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations Feedly Summary: A new HTTP/2 denial-of-service (DoS) vulnerability called MadeYouReset was recently disclosed by security researchers. Cloudflare HTTP DDoS mitigation, already protects from MadeYouReset. AI Summary and Description: Yes Summary: The text discusses a newly identified HTTP/2 DoS…
-
Slashdot: Did a Vendor’s Leak Help Attackers Exploit Microsoft’s SharePoint Servers?
Source URL: https://it.slashdot.org/story/25/07/27/0337218/did-a-vendors-leak-help-attackers-exploit-microsofts-sharepoint-servers?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Did a Vendor’s Leak Help Attackers Exploit Microsoft’s SharePoint Servers? Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a serious security concern regarding zero-day exploits targeting Microsoft’s SharePoint servers, emphasizing potential leaks of vulnerability information and the impact of generative AI tools like Google Gemini in…