security audits – Experimental News Clipping Site

The Register: No gains, just pains as 1.6M fitness phone call recordings exposed online

Sep 9, 2025

—

by

Source URL: https://www.theregister.com/2025/09/09/gym_audio_recordings_exposed/ Source: The Register Title: No gains, just pains as 1.6M fitness phone call recordings exposed online Feedly Summary: HelloGym’s data security clearly skipped leg day Exclusive Sensitive info from hundreds of thousands of gym customers and staff – including names, financial details, and potentially biometric data in the form of audio recordings…

The Register: ‘Limited’ data leak at Aussie telco turns out to be 280K customer details

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/tpg_telecom_iinet_breach/ Source: The Register Title: ‘Limited’ data leak at Aussie telco turns out to be 280K customer details Feedly Summary: iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed Aussie telco giant TPG Telecom has opened an investigation after confirming a cyberattack at subsidiary iiNet.… AI Summary and…

Embrace The Red: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/ Source: Embrace The Red Title: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead…

The Register: Intel ghosts researcher who found web apps spilled 270K staff records

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/intel_website_flaws/ Source: The Register Title: Intel ghosts researcher who found web apps spilled 270K staff records Feedly Summary: Chipzilla quietly fixed the problems without responding to the person who found them Security boffin Eaton Zveare has highlighted some serious holes in the online infrastructure of chip giant Intel – walking through services with…

Cloud Blog: Now available: Cloud HSM as an encryption key service for Workspace client-side encryption

Aug 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/introducing-cloud-hsm-as-an-encryption-key-service-for-workspace-cse/ Source: Cloud Blog Title: Now available: Cloud HSM as an encryption key service for Workspace client-side encryption Feedly Summary: Organizations in highly-regulated sectors, such as government, defense, financial services, and healthcare, are required to meet stringent standards to safeguard sensitive data. Client-side encryption (CSE) for Google Workspace is a unique, privacy-preserving offering…

Slashdot: Remember the Companies Making Vital Open Source Contributions

Aug 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://news.slashdot.org/story/25/08/16/1749228/remember-the-companies-making-vital-open-source-contributions?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Remember the Companies Making Vital Open Source Contributions Feedly Summary: AI Summary and Description: Yes Summary: The text highlights the critical role of large tech companies in contributing to open-source projects, emphasizing that their involvement often stems from self-interest rather than altruism. It underscores how significant contributions from companies…

Unit 42: When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/badsuccessor-attack-vector/ Source: Unit 42 Title: When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory Feedly Summary: BadSuccessor is an attack vector in Windows Server 2025. Under certain conditions it allows privilege elevation via dMSAs. We analyze its mechanics. The post When Good Accounts Go Bad: Exploiting Delegated Managed Service…

Embrace The Red: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed

Aug 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amp-agents-that-modify-system-configuration-and-escape/ Source: Embrace The Red Title: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed Feedly Summary: Sandbox-escape-style attacks can happen when an AI is able to modify its own configuration settings, such as by writing to configuration files. That was the case with Amp, an agentic coding tool built by Sourcegraph. The…

Wired: A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats

Jul 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.wired.com/story/luggage-service-web-bugs-exposed-travel-plans-users-diplomats-airportr/ Source: Wired Title: A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats Feedly Summary: Security flaws in Airportr, a door-to-door luggage checking service used by 10 airlines, let hackers access user data and even gain privileges that would have let them redirect or steal luggage. AI Summary…

CSA: Compliance: Cost Center or Growth Trigger?

Jul 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://prescientsecurity.com/blogs/compliance-cost-center-or-growth-trigger Source: CSA Title: Compliance: Cost Center or Growth Trigger? Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses the importance of compliance for startups, particularly in the context of security and sales growth. It emphasizes that compliance shouldn’t be viewed merely as a regulatory burden but as a strategic asset…

Tag: security audits