security practices – Page 14 – Experimental News Clipping Site

Unit 42: Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth

Aug 21, 2025

—

by

Source URL: https://unit42.paloaltonetworks.com/attackers-sell-your-bandwidth-using-sdks/ Source: Unit 42 Title: Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth Feedly Summary: A campaign leverages CVE-2024-36401 to stealthily monetize victims’ bandwidth where legitimate software development kits (SDKs) are deployed for passive income. The post Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth…

Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…

Slashdot: Meta Freezes AI Hiring

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://tech.slashdot.org/story/25/08/21/0227208/meta-freezes-ai-hiring?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Meta Freezes AI Hiring Feedly Summary: AI Summary and Description: Yes Summary: Meta’s pause on hiring in its artificial intelligence division highlights a significant shift in their organizational strategy as they aim to refine their approach to developing superintelligence. This is particularly relevant for professionals in AI and organizational…

The Register: Microsoft stays mum about M365 Copilot on-demand security bypass

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/microsoft_mum_about_m365_copilot/ Source: The Register Title: Microsoft stays mum about M365 Copilot on-demand security bypass Feedly Summary: Redmond doesn’t bother informing customers about some security fixes Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot.… AI Summary and Description: Yes Summary: The text highlights a concerning practice by…

The Register: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/amazon_quietly_fixed_q_developer_flaws/ Source: The Register Title: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Feedly Summary: Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to…

The Register: Perplexity’s Comet browser naively processed pages with evil instructions

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/perplexity_comet_browser_prompt_injection/ Source: The Register Title: Perplexity’s Comet browser naively processed pages with evil instructions Feedly Summary: Rival Brave flags prompt injection vulnerability, now patched To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea.… AI Summary and Description: Yes Summary: The text discusses a recently…

The Register: Commvault releases patches for two nasty bug chains after exploits proven

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/commvault_bug_chains_patched/ Source: The Register Title: Commvault releases patches for two nasty bug chains after exploits proven Feedly Summary: Researchers disclosing their findings said ‘it’s as bad as it sounds’ Researchers at watchTowr just published working proof-of-concept exploits for two unauthenticated remote code execution bug chains in backup giant Commvault.… AI Summary and Description:…

The Register: ‘Limited’ data leak at Aussie telco turns out to be 280K customer details

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/tpg_telecom_iinet_breach/ Source: The Register Title: ‘Limited’ data leak at Aussie telco turns out to be 280K customer details Feedly Summary: iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed Aussie telco giant TPG Telecom has opened an investigation after confirming a cyberattack at subsidiary iiNet.… AI Summary and…

Cloud Blog: Going beyond basic data security with Google Cloud DSPM

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/going-beyond-dspm-to-protect-your-data-in-the-cloud-now-in-preview/ Source: Cloud Blog Title: Going beyond basic data security with Google Cloud DSPM Feedly Summary: In the age of data democratization and generative AI, the way organizations handle data has changed dramatically. This evolution creates opportunities — and security risks. The challenge for security teams isn’t just about protecting data; it’s about…

Cloud Blog: A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/ Source: Cloud Blog Title: A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor Feedly Summary: Written by: Marco Galli Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the “Frontline Bulletin" series brings you the latest on the most intriguing compromises we are seeing in the wild right now, equipping our community…

Tag: security practices