Experimental News Clipping Site

Tag: secure development practices

  • The Register: Boffins build automated Android bug hunting system

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/04/boffins_build_automated_android_bug_hunting/ Source: The Register Title: Boffins build automated Android bug hunting system Feedly Summary: AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to…

  • The Register: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/20/amazon_quietly_fixed_q_developer_flaws/ Source: The Register Title: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Feedly Summary: Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to…

  • Embrace The Red: Amazon Q Developer: Remote Code Execution with Prompt Injection

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-remote-code-execution/ Source: Embrace The Red Title: Amazon Q Developer: Remote Code Execution with Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a popular coding agent, with over 1 million downloads. The extension is vulnerable to indirect prompt injection, and in this post we discuss a vulnerability that…

  • Docker: MCP Horror Stories: The GitHub Prompt Injection Data Heist

    by

    Kurt Seifried
    in

    Source URL: https://www.docker.com/blog/mcp-horror-stories-github-prompt-injection/ Source: Docker Title: MCP Horror Stories: The GitHub Prompt Injection Data Heist Feedly Summary: This is Part 3 of our MCP Horror Stories series, where we examine real-world security incidents that validate the critical vulnerabilities threatening AI infrastructure and demonstrate how Docker MCP Toolkit provides enterprise-grade protection. The Model Context Protocol (MCP)…

  • Docker: Docker Desktop 4.43: Expanded Model Runner, Reimagined MCP Catalog, MCP Server Submissions, and Smarter Gordon

    by

    Kurt Seifried
    in

    Source URL: https://www.docker.com/blog/docker-desktop-4-43/ Source: Docker Title: Docker Desktop 4.43: Expanded Model Runner, Reimagined MCP Catalog, MCP Server Submissions, and Smarter Gordon Feedly Summary: Docker Desktop 4.43 just rolled out a set of powerful updates that simplify how developers run, manage, and secure AI models and MCP tools.  Model Runner now includes better model management, expanded…

  • Simon Willison’s Weblog: WWDC: Apple supercharges its tools and technologies for developers

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Jun/9/apple-wwdc/#atom-everything Source: Simon Willison’s Weblog Title: WWDC: Apple supercharges its tools and technologies for developers Feedly Summary: WWDC: Apple supercharges its tools and technologies for developers Here’s the Apple press release for today’s WWDC announcements. Two things that stood out to me: Foundation Models Framework With the Foundation Models framework, developers will be…

  • OpenAI : Introducing GPT-4.1 in the API

    by

    Kurt Seifried
    in

    Source URL: https://openai.com/index/gpt-4-1 Source: OpenAI Title: Introducing GPT-4.1 in the API Feedly Summary: Introducing GPT-4.1 in the API—a new family of models with across-the-board improvements, including major gains in coding, instruction following, and long-context understanding. We’re also releasing our first nano model. Available to developers worldwide starting today. AI Summary and Description: Yes Summary: The…

  • Schneier on Security: Critical GitHub Attack

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/03/critical-github-attack.html Source: Schneier on Security Title: Critical GitHub Attack Feedly Summary: This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an…

  • Hacker News: The Insecurity of Telecom Stacks in the Wake of Salt Typhoon

    by

    Kurt Seifried
    in

    Source URL: https://soatok.blog/2025/03/12/on-the-insecurity-of-telecom-stacks-in-the-wake-of-salt-typhoon/ Source: Hacker News Title: The Insecurity of Telecom Stacks in the Wake of Salt Typhoon Feedly Summary: Comments AI Summary and Description: Yes Summary: The text highlights a security vulnerability discovered in FreeSWITCH, an open-source telecom software, which could allow for remote code execution due to improper handling of HTTP requests. The…