secrets – Page 4 – Experimental News Clipping Site

Embrace The Red: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets

Aug 9, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/openhands-the-lethal-trifecta-strikes-again/ Source: Embrace The Red Title: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets Feedly Summary: Another day, another AI data exfiltration exploit. Today we talk about OpenHands, formerly referred to as OpenDevin initially. It’s created by All-Hands AI. OpenHands renders images in chat, which enables zero-click data exfiltration during prompt injection…

Simon Willison’s Weblog: When a Jira Ticket Can Steal Your Secrets

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/9/when-a-jira-ticket-can-steal-your-secrets/ Source: Simon Willison’s Weblog Title: When a Jira Ticket Can Steal Your Secrets Feedly Summary: When a Jira Ticket Can Steal Your Secrets Zenity Labs describe a classic lethal trifecta attack, this time against Cursor, MCP, Jira and Zendesk. They also have a short video demonstrating the issue. Zendesk support emails are…

Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…

Anchore: Meeting 2025’s SBOM Compliance Deadlines: A Practical Implementation Guide

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/meeting-2025s-sbom-compliance-deadlines-a-practical-implementation-guide/ Source: Anchore Title: Meeting 2025’s SBOM Compliance Deadlines: A Practical Implementation Guide Feedly Summary: 2025 has become the year of SBOM compliance deadlines. March 31st marked PCI DSS 4.0’s enforcement date, requiring payment processors to maintain comprehensive inventories of all software components. Meanwhile, the EU’s Cyber Resilience Act takes full effect in…

The Register: TSMC launches legal action against insiders accused of trade secret theft

Aug 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/05/tsmc_trade_secret_theft/ Source: The Register Title: TSMC launches legal action against insiders accused of trade secret theft Feedly Summary: Chipmaker said it caught the ‘unauthorized activity’ early Taiwan Semiconductor Manufacturing Co (TSMC) has launched legal proceedings against an unknown number of employees as it investigates a potential breach of trade secrets.… AI Summary and…

Simon Willison’s Weblog: The ChatGPT sharing dialog demonstrates how difficult it is to design privacy preferences

Aug 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/3/privacy-design/ Source: Simon Willison’s Weblog Title: The ChatGPT sharing dialog demonstrates how difficult it is to design privacy preferences Feedly Summary: ChatGPT just removed their “make this chat discoverable" sharing feature, after it turned out a material volume of users had inadvertantly made their private chats available via Google search. Dane Stuckey, CISO…

Slashdot: Google Confirms It Will Sign the EU AI Code of Practice

Jul 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://tech.slashdot.org/story/25/07/30/1916258/google-confirms-it-will-sign-the-eu-ai-code-of-practice?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google Confirms It Will Sign the EU AI Code of Practice Feedly Summary: AI Summary and Description: Yes Summary: Google has agreed to sign the European Union’s AI Code of Practice, initially opposed for its strict regulations. Despite concerns about potential stifling of innovation, Google aims to influence the…

Cloud Blog: From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944

Jul 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944/ Source: Cloud Blog Title: From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944 Feedly Summary: Introduction In mid 2025, Google Threat Intelligence Group (GITG) identified a sophisticated and aggressive cyber campaign targeting multiple industries, including retail, airline, and insurance. This was the work of UNC3944, a financially motivated threat…

Cloud Blog: Beyond Convenience: Exposing the Risks of VMware vSphere Active Directory Integration

Jul 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/vsphere-active-directory-integration-risks/ Source: Cloud Blog Title: Beyond Convenience: Exposing the Risks of VMware vSphere Active Directory Integration Feedly Summary: Written by: Stuart Carrera, Brian Meyer Executive Summary Broadcom’s VMware vSphere product remains a popular choice for private cloud virtualization, underpinning critical infrastructure. Far from fading, organizations continue to rely heavily on vSphere for stability…

Cloud Blog: Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor

Jul 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/sonicwall-secure-mobile-access-exploitation-overstep-backdoor/ Source: Cloud Blog Title: Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor Feedly Summary: Written by: Josh Goddard, Zander Work, Dimiter Andonov Introduction Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall…

Tag: secrets