secure development – Experimental News Clipping Site

The Register: Boffins build automated Android bug hunting system

Sep 4, 2025

—

by

Source URL: https://www.theregister.com/2025/09/04/boffins_build_automated_android_bug_hunting/ Source: The Register Title: Boffins build automated Android bug hunting system Feedly Summary: AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to…

The Register: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/amazon_quietly_fixed_q_developer_flaws/ Source: The Register Title: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Feedly Summary: Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to…

Embrace The Red: Amazon Q Developer: Remote Code Execution with Prompt Injection

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-remote-code-execution/ Source: Embrace The Red Title: Amazon Q Developer: Remote Code Execution with Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a popular coding agent, with over 1 million downloads. The extension is vulnerable to indirect prompt injection, and in this post we discuss a vulnerability that…

Cloud Blog: Beyond guardrails: A taxonomy of platform engineering control mechanisms

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/application-modernization/platform-engineering-control-mechanisms/ Source: Cloud Blog Title: Beyond guardrails: A taxonomy of platform engineering control mechanisms Feedly Summary: The promise of platform engineering is to accelerate software delivery by empowering developers with self-service capabilities. However, this must be balanced with security, compliance, and operational stability, and for this, you need robust controls. But all too…

Docker: MCP Horror Stories: The GitHub Prompt Injection Data Heist

Aug 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/mcp-horror-stories-github-prompt-injection/ Source: Docker Title: MCP Horror Stories: The GitHub Prompt Injection Data Heist Feedly Summary: This is Part 3 of our MCP Horror Stories series, where we examine real-world security incidents that validate the critical vulnerabilities threatening AI infrastructure and demonstrate how Docker MCP Toolkit provides enterprise-grade protection. The Model Context Protocol (MCP)…

Microsoft Security Blog: Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/06/sharing-practical-guidance-launching-microsoft-secure-future-initiative-sfi-patterns-and-practices/ Source: Microsoft Security Blog Title: Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices Feedly Summary: We’re excited to launch SFI patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale. This launch marks a next step in our journey to…

The Register: Vibe coding tool Cursor’s MCP implementation allows persistent code execution

Aug 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/05/mcpoison_bug_abuses_cursor_mcp/ Source: The Register Title: Vibe coding tool Cursor’s MCP implementation allows persistent code execution Feedly Summary: More evidence that AI expands the attack surface Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a…

Docker: Docker Desktop 4.43: Expanded Model Runner, Reimagined MCP Catalog, MCP Server Submissions, and Smarter Gordon

Jul 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/docker-desktop-4-43/ Source: Docker Title: Docker Desktop 4.43: Expanded Model Runner, Reimagined MCP Catalog, MCP Server Submissions, and Smarter Gordon Feedly Summary: Docker Desktop 4.43 just rolled out a set of powerful updates that simplify how developers run, manage, and secure AI models and MCP tools. Model Runner now includes better model management, expanded…

Slashdot: Trump Quietly Throws Out Biden’s Cyber Policies

Jun 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/06/10/2044217/trump-quietly-throws-out-bidens-cyber-policies?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Trump Quietly Throws Out Biden’s Cyber Policies Feedly Summary: AI Summary and Description: Yes Summary: The text discusses significant changes to cybersecurity policy initiated by President Trump that reverse or roll back several key components of the Biden administration’s cyber legacy. This shift highlights the fluctuating nature of cybersecurity…

Simon Willison’s Weblog: WWDC: Apple supercharges its tools and technologies for developers

Jun 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Jun/9/apple-wwdc/#atom-everything Source: Simon Willison’s Weblog Title: WWDC: Apple supercharges its tools and technologies for developers Feedly Summary: WWDC: Apple supercharges its tools and technologies for developers Here’s the Apple press release for today’s WWDC announcements. Two things that stood out to me: Foundation Models Framework With the Foundation Models framework, developers will be…

Tag: secure development