Tag: security controls

  • Embrace The Red: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)

    Source URL: https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/ Source: Embrace The Red Title: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) Feedly Summary: This post is about an important, but also scary, prompt injection discovery that leads to full system compromise of the developer’s machine in GitHub Copilot and VS Code. It is achieved by placing Copilot into YOLO…

  • Wired: OpenAI’s GPT-5 Is Here

    Source URL: https://www.wired.com/story/openais-gpt-5-is-here/ Source: Wired Title: OpenAI’s GPT-5 Is Here Feedly Summary: OpenAI is releasing GPT-5 on Thursday to both free users of ChatGPT and paying subscribers. Summary: The announcement of OpenAI releasing GPT-5 is significant in the realm of AI, particularly for professionals involved in AI security and infrastructure.…

  • Docker: Accelerating FedRAMP Compliance with Docker Hardened Images

    Source URL: https://www.docker.com/blog/fedramp-compliance-with-hardened-images/ Source: Docker Title: Accelerating FedRAMP Compliance with Docker Hardened Images Feedly Summary: Federal Risk and Authorization Management Program (FedRAMP) compliance costs typically range from $450,000 to over $2 million and take 12 to 18 months to achieve, time your competitors are using to capture government contracts. While you’re spending months configuring FIPS…

  • Embrace The Red: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed

    Source URL: https://embracethered.com/blog/posts/2025/amp-agents-that-modify-system-configuration-and-escape/ Source: Embrace The Red Title: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed Feedly Summary: Sandbox-escape-style attacks can happen when an AI is able to modify its own configuration settings, such as by writing to configuration files. That was the case with Amp, an agentic coding tool built by Sourcegraph. The…

  • The Register: Tested: Microsoft Recall can still capture credit cards and passwords, a treasure trove for crooks

    Source URL: https://www.theregister.com/2025/08/01/microsoft_recall_captures_credit_card_info/ Source: The Register Title: Tested: Microsoft Recall can still capture credit cards and passwords, a treasure trove for crooks Feedly Summary: Our tests have shown there are ways to get around the promised security improvements in Microsoft Recall, the AI app that takes screenshots of what you do on your PC so…

  • Cloud Blog: Introducing Google Cloud Setup: Your guided pathway to a secure cloud foundation

    Source URL: https://cloud.google.com/blog/products/devops-sre/introducing-google-cloud-setup/ Source: Cloud Blog Title: Introducing Google Cloud Setup: Your guided pathway to a secure cloud foundation Feedly Summary: Are you ready to unlock the power of Google Cloud and want guidance on how to set up your environment effectively? Whether you’re a cloud novice or part of an experienced team looking to…

  • Cloud Blog: Introducing audit-only mode for Access Transparency

    Source URL: https://cloud.google.com/blog/products/identity-security/introducing-audit-only-mode-for-access-transparency/ Source: Cloud Blog Title: Introducing audit-only mode for Access Transparency Feedly Summary: As part of our commitment to cloud workload security and transparency, today, we’re introducing a new, lightweight audit-only mode for Access Approval to enable access approvals in an “on demand only” model. This new capability is available at no extra…