secure systems – Experimental News Clipping Site

Embrace The Red: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection

Aug 26, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/aws-kiro-aribtrary-command-execution-with-indirect-prompt-injection/ Source: Embrace The Red Title: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection Feedly Summary: On the day AWS Kiro was released, I couldn’t resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt…

The Register: Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/19/apache_activemq_patch_malware/ Source: The Register Title: Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in Feedly Summary: Intruders hoped no one would notice their presence Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux…

The Cloudflare Blog: How TimescaleDB helped us scale analytics and reporting

Jul 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.cloudflare.com/timescaledb-art/ Source: The Cloudflare Blog Title: How TimescaleDB helped us scale analytics and reporting Feedly Summary: Cloudflare chose TimescaleDB to power its Digital Experience Monitoring and Zero Trust Analytics products. AI Summary and Description: Yes Summary: The text outlines the reasoning behind Cloudflare’s choice to use PostgreSQL and subsequently TimescaleDB for analytics within…

Simon Willison’s Weblog: Cato CTRL™ Threat Research: PoC Attack Targeting Atlassian’s Model Context Protocol (MCP) Introduces New “Living off AI” Risk

Jun 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Jun/19/atlassian-prompt-injection-mcp/ Source: Simon Willison’s Weblog Title: Cato CTRL™ Threat Research: PoC Attack Targeting Atlassian’s Model Context Protocol (MCP) Introduces New “Living off AI” Risk Feedly Summary: Cato CTRL™ Threat Research: PoC Attack Targeting Atlassian’s Model Context Protocol (MCP) Introduces New “Living off AI” Risk Stop me if you’ve heard this one before: A…

Microsoft Security Blog: Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3

Jun 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/06/05/meet-the-deputy-cisos-who-help-shape-microsofts-approach-to-cybersecurity-part-3/ Source: Microsoft Security Blog Title: Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3 Feedly Summary: Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. The post Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3 appeared first on Microsoft…

Cloud Blog: Cloud CISO Perspectives: How Google Cloud’s security team helps build securely

May 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-cloud-security-team-helps-build-securely/ Source: Cloud Blog Title: Cloud CISO Perspectives: How Google Cloud’s security team helps build securely Feedly Summary: Welcome to the first Cloud CISO Perspectives for May 2025. Today, Iain Mulholland, senior director, Security Engineering, pulls back the curtain on how Google Cloud approaches security engineering and how we take secure by design…

The Register: More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

Apr 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/04/25/more_ivanti_attacks_may_be/ Source: The Register Title: More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans Feedly Summary: GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures Ivanti VPN users should stay alert as IP scanning for the vendor’s Connect Secure and…

The Register: Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare

Apr 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/04/03/heterogeneity_itaas_ransomware_disaster_recovery/ Source: The Register Title: Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare Feedly Summary: Recovery’s never been harder in today’s tangled, outsourced infrastructure Comment Disaster recovery is getting tougher as IT estates sprawl across on-prem gear, public cloud, SaaS, and third-party ITaaS providers. And it’s not floods or fires causing most outages…

The Register: Generative AI app goes dark after child-like deepfakes found in open S3 bucket

Apr 1, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/04/01/nudify_website_open_database/ Source: The Register Title: Generative AI app goes dark after child-like deepfakes found in open S3 bucket Feedly Summary: ‘They went silent and secured the images,’ Jeremiah Fowler tells El Reg Jeremiah Fowler, an Indiana Jones of insecure systems, says he found a trove of sexually explicit AI-generated images exposed to the…

Hacker News: The Great Chatbot Debate – March 25th

Mar 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://computerhistory.org/events/great-chatbot-debate/ Source: Hacker News Title: The Great Chatbot Debate – March 25th Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses an upcoming live debate regarding the nature of large language models (LLMs) and raises important questions about their understanding and capabilities. This discourse is relevant for professionals in AI…

Tag: secure systems