Tag: security professionals

Source URL: https://www.theregister.com/2025/08/04/infosec_in_brief/ Source: The Register Title: Lazarus Group rises again, this time with malware-laden fake FOSS Feedly Summary: PLUS: Slow MFA rollout costs Canucks $5m; Lawmakers ponder Stingray ban; MSFT tightens Teams; And more! Infosec In Brief North Korea’s Lazarus Group has changed tactics and is now creating malware-laden open source software.… AI Summary…

Embrace The Red: Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation

Aug 3, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/anthropic-filesystem-mcp-server-bypass/ Source: Embrace The Red Title: Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation Feedly Summary: A few months ago I was looking at the filesystem MCP server from Anthropic. The server allows to give an AI, like Claude Desktop, access to the local filesystem to read files or edit…

Embrace The Red: Turning ChatGPT Codex Into A ZombAI Agent

Aug 2, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/chatgpt-codex-remote-control-zombai/ Source: Embrace The Red Title: Turning ChatGPT Codex Into A ZombAI Agent Feedly Summary: Today we cover ChatGPT Codex as part of the Month of AI Bugs series. ChatGPT Codex is a cloud-based software engineering agent that answers codebase questions, executes code, and drafts pull requests. In particular, this post will demonstrate…

The Register: Rampant emoji use suggests crypto-stealing NPM package was written by AI

—

by

Source URL: https://www.theregister.com/2025/08/01/emoji_use_ai_malware/ Source: The Register Title: Rampant emoji use suggests crypto-stealing NPM package was written by AI Feedly Summary: Kodane code was either machine-generated or done by a teenager An NPM package packed with cryptocurrency-stealing malware appears to have been largely AI-generated, as evidenced by its liberal use of emojis and other telltale signs.……

The Register: Tested: Microsoft Recall can still capture credit cards and passwords, a treasure trove for crooks

—

by

Source URL: https://www.theregister.com/2025/08/01/microsoft_recall_captures_credit_card_info/ Source: The Register Title: Tested: Microsoft Recall can still capture credit cards and passwords, a treasure trove for crooks Feedly Summary: Our tests have shown there are ways to get around the promised security improvements exclusive Microsoft Recall, the AI app that takes screenshots of what you do on your PC so…

The Register: China says US spies exploited Microsoft Exchange zero-day to steal military info

—

by

Source URL: https://www.theregister.com/2025/08/01/china_us_intel_attacks/ Source: The Register Title: China says US spies exploited Microsoft Exchange zero-day to steal military info Feedly Summary: Spy vs. spy China has accused US intelligence agencies of exploiting a Microsoft Exchange zero-day exploit to steal defense-related data and take over more than 50 devices belonging to a “major Chinese military enterprise"…

Simon Willison’s Weblog: Deep Think in the Gemini app

—

by

Source URL: https://simonwillison.net/2025/Aug/1/deep-think-in-the-gemini-app/ Source: Simon Willison’s Weblog Title: Deep Think in the Gemini app Feedly Summary: Deep Think in the Gemini app Google released Gemini 2.5 Deep Think this morning, exclusively to their Ultra ($250/month) subscribers: It is a variation of the model that recently achieved the gold-medal standard at this year’s International Mathematical Olympiad…

Embrace The Red: Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection

—

by

Source URL: https://embracethered.com/blog/posts/2025/chatgpt-chat-history-data-exfiltration/ Source: Embrace The Red Title: Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection Feedly Summary: In this post we demonstrate how a bypass in OpenAI’s “safe URL” rendering feature allows ChatGPT to send personal information to a third-party server. This can be exploited by an adversary via a prompt injection…

The Cloudflare Blog: Vulnerability disclosure on SSL for SaaS v1 (Managed CNAME)

—

by