Experimental News Clipping Site

Tag: security practices

  • Slashdot: New Claude Model Runs 30-Hour Marathon To Create 11,000-Line Slack Clone

    by

    Kurt Seifried
    in

    Source URL: https://developers.slashdot.org/story/25/09/29/1733238/new-claude-model-runs-30-hour-marathon-to-create-11000-line-slack-clone?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: New Claude Model Runs 30-Hour Marathon To Create 11,000-Line Slack Clone Feedly Summary: AI Summary and Description: Yes Summary: Anthropic’s release of Claude Sonnet 4.5 marks a significant advancement in autonomous AI capabilities, particularly in code generation and application development. This model can substantially improve productivity for developers by…

  • Wired: An App Used to Dox Charlie Kirk Critics Doxed Its Own Users Instead

    by

    Kurt Seifried
    in

    Source URL: https://www.wired.com/story/app-used-to-dox-charlie-kirk-critics-doxed-its-own-users-instead/ Source: Wired Title: An App Used to Dox Charlie Kirk Critics Doxed Its Own Users Instead Feedly Summary: Plus: A ransomeware gang steals data on 8,000 preschoolers, Microsoft blocks Israel’s military from using its cloud for surveillance, call-recording app Neon hits pause over security holes, and more. AI Summary and Description: Yes…

  • Simon Willison’s Weblog: How to stop AI’s “lethal trifecta”

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Sep/26/how-to-stop-ais-lethal-trifecta/ Source: Simon Willison’s Weblog Title: How to stop AI’s “lethal trifecta” Feedly Summary: How to stop AI’s “lethal trifecta” This is the second mention of the lethal trifecta in the Economist in just the last week! Their earlier coverage was Why AI systems may never be secure on September 22nd – I…

  • The Register: Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/26/microsoft_xcsset_macos/ Source: The Register Title: Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects Feedly Summary: Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses The long-running XCSSET malware strain has evolved again, with Microsoft warning of a new macOS variant that expands its bag of tricks while…

  • The Register: Salesforce facing multiple lawsuits after Salesloft breach

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/26/salesforce_class_actions/ Source: The Register Title: Salesforce facing multiple lawsuits after Salesloft breach Feedly Summary: CRM giant denies security shortcomings as claims allege stolen data used for ID theft Salesforce is facing a wave of lawsuits in the wake of a cyberattack that exposed customer data.… AI Summary and Description: Yes Summary: Salesforce is…

  • The Register: ‘An attacker’s playground:’ Crims exploit GoAnywhere perfect-10 bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/26/an_apts_playground_goanywhere_perfect10/ Source: The Register Title: ‘An attacker’s playground:’ Crims exploit GoAnywhere perfect-10 bug Feedly Summary: Researchers say tens of thousands of instances remain publicly reachable Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra’s GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.……

  • Docker: The Trust Paradox: When Your AI Gets Catfished

    by

    Kurt Seifried
    in

    Source URL: https://www.docker.com/blog/mcp-prompt-injection-trust-paradox/ Source: Docker Title: The Trust Paradox: When Your AI Gets Catfished Feedly Summary: The fundamental challenge with MCP-enabled attacks isn’t technical sophistication. It’s that hackers have figured out how to catfish your AI. These attacks work because they exploit the same trust relationships that make your development team actually functional. When your…

  • The Register: Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/26/salesforce_agentforce_forceleak_attack/ Source: The Register Title: Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales Feedly Summary: More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers…

  • The Register: DARPA amps up effort to make AI power-conscious

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/25/dapra_ai_power_conscious/ Source: The Register Title: DARPA amps up effort to make AI power-conscious Feedly Summary: New research program seeks ‘energy-aware’ ML that balances performance with power draw It’s notoriously difficult to consistently measure the energy usage of AI models, but DARPA wants to put an end to that uncertainty with new “energy-aware" machine…