Experimental News Clipping Site

Tag: secure coding

  • The Register: Attackers snooping around Sitecore, dropping malware via public sample keys

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/04/unknown_miscreants_snooping_around_sitecore/ Source: The Register Title: Attackers snooping around Sitecore, dropping malware via public sample keys Feedly Summary: You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping…

  • The Register: GitHub engineer claims team was ‘coerced’ to put Grok into Copilot

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/29/github_deepens_ties_with_elon/ Source: The Register Title: GitHub engineer claims team was ‘coerced’ to put Grok into Copilot Feedly Summary: Platform’s staffer complains security review was ‘rushed’ Microsoft-owned collaborative coding platform GitHub is deepening its ties with Elon Musk’s xAI, bringing early access to the company’s Grok Code Fast 1 large language model (LLM) into…

  • The Register: Perplexity’s Comet browser naively processed pages with evil instructions

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/20/perplexity_comet_browser_prompt_injection/ Source: The Register Title: Perplexity’s Comet browser naively processed pages with evil instructions Feedly Summary: Rival Brave flags prompt injection vulnerability, now patched To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea.… AI Summary and Description: Yes Summary: The text discusses a recently…

  • Slashdot: Security Flaws In Carmaker’s Web Portal Let a Hacker Remotely Unlock Cars

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/08/17/0221251/security-flaws-in-carmakers-web-portal-let-a-hacker-remotely-unlock-cars?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Security Flaws In Carmaker’s Web Portal Let a Hacker Remotely Unlock Cars Feedly Summary: AI Summary and Description: Yes Summary: A security researcher discovered vulnerabilities in a car dealership portal that could expose personal information and allow remote access to cars. The issues highlight the critical importance of secure…

  • Simon Willison’s Weblog: Chromium Docs: The Rule Of 2

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Aug/11/the-rule-of-2/ Source: Simon Willison’s Weblog Title: Chromium Docs: The Rule Of 2 Feedly Summary: Chromium Docs: The Rule Of 2 Alex Russell pointed me to this principle in the Chromium security documentation as similar to my description of the lethal trifecta. First added in 2019, the Chromium guideline states: When you write code…

  • OpenAI : Introducing GPT-5 for developers

    by

    Kurt Seifried
    in

    Source URL: https://openai.com/index/introducing-gpt-5-for-developers Source: OpenAI Title: Introducing GPT-5 for developers Feedly Summary: Introducing GPT-5 in our API platform—offering high reasoning performance, new controls for devs, and best-in-class results on real coding tasks. AI Summary and Description: Yes Summary: The introduction of GPT-5 on an API platform highlights significant advancements in AI capabilities, particularly in reasoning…

  • Embrace The Red: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/amp-agents-that-modify-system-configuration-and-escape/ Source: Embrace The Red Title: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed Feedly Summary: Sandbox-escape-style attacks can happen when an AI is able to modify its own configuration settings, such as by writing to configuration files. That was the case with Amp, an agentic coding tool built by Sourcegraph. The…

  • Embrace The Red: Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/cursor-data-exfiltration-with-mermaid/ Source: Embrace The Red Title: Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132) Feedly Summary: Cursor is a popular AI code editor. In this post I want to share how I found an interesting data exfiltration issue, the demo exploits built and how it got fixed. When using Cursor I noticed that…

  • Cloud Blog: A deep dive into code reviews with Gemini Code Assist in GitHub

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/products/ai-machine-learning/gemini-code-assist-and-github-ai-code-reviews/ Source: Cloud Blog Title: A deep dive into code reviews with Gemini Code Assist in GitHub Feedly Summary: Imagine a code review process that doesn’t slow you down. Instead of a queue of pending pull requests, you have an intelligent assistant that provides a near-instant, comprehensive summary of every change. It flags…