security researchers – Experimental News Clipping Site

The Register: Today’s LLMs craft exploits from patches at lightning speed

Apr 21, 2025

—

by

Source URL: https://www.theregister.com/2025/04/21/ai_models_can_generate_exploit/ Source: The Register Title: Today’s LLMs craft exploits from patches at lightning speed Feedly Summary: Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours,…

Microsoft Security Blog: Microsoft’s Secure by Design journey: One year of success

Apr 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/04/17/microsofts-secure-by-design-journey-one-year-of-success/ Source: Microsoft Security Blog Title: Microsoft’s Secure by Design journey: One year of success Feedly Summary: Read about the initiatives Microsoft has undertaken over the past 18 months to support secure by design, secure by default, and secure in operations objectives as part of our SFI Initiative. The post Microsoft’s Secure by…

Simon Willison’s Weblog: CaMeL offers a promising new direction for mitigating prompt injection attacks

Apr 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Apr/11/camel/#atom-everything Source: Simon Willison’s Weblog Title: CaMeL offers a promising new direction for mitigating prompt injection attacks Feedly Summary: In the two and a half years that we’ve been talking about prompt injection attacks I’ve seen alarmingly little progress towards a robust solution. The new paper Defeating Prompt Injections by Design from Google…

Slashdot: New Ubuntu Linux Security Bypasses Require Manual Mitigations

Mar 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/03/29/0555241/new-ubuntu-linux-security-bypasses-require-manual-mitigations?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: New Ubuntu Linux Security Bypasses Require Manual Mitigations Feedly Summary: AI Summary and Description: Yes Summary: The text discusses significant security bypasses discovered in Ubuntu Linux that could allow local attackers to exploit kernel vulnerabilities. With the involvement of cloud security researchers from Qualys, it highlights the limitations in…

The Register: Malware in Lisp? Now you’re just being cruel

Mar 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/29/malware_obscure_languages/ Source: The Register Title: Malware in Lisp? Now you’re just being cruel Feedly Summary: Miscreants warming to Delphi, Haskell, and the like to evade detection Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell.… AI Summary and Description: Yes Summary: The text discusses a…

Slashdot: Again and Again, NSO Group’s Customers Keep Getting Their Spyware Operations Caught

Mar 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://yro.slashdot.org/story/25/03/28/1915238/again-and-again-nso-groups-customers-keep-getting-their-spyware-operations-caught Source: Slashdot Title: Again and Again, NSO Group’s Customers Keep Getting Their Spyware Operations Caught Feedly Summary: AI Summary and Description: Yes Summary: The report by Amnesty International highlights ongoing cyber threats faced by journalists, particularly from the NSO Group’s Pegasus spyware. The details emphasize the rising capability of security researchers to…

Hacker News: We hacked Google’s A.I Gemini and leaked its source code (at least some part)

Mar 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code/ Source: Hacker News Title: We hacked Google’s A.I Gemini and leaked its source code (at least some part) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the hacker team’s experience at the Google LLM bugSWAT event, focusing on their discovery of vulnerabilities in Google’s Gemini AI model. The…

CSA: Threat Modeling OpenAI’s Responses API with MAESTRO

Mar 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloudsecurityalliance.org/blog/2025/03/24/threat-modeling-openai-s-responses-api-with-the-maestro-framework Source: CSA Title: Threat Modeling OpenAI’s Responses API with MAESTRO Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses the implications of OpenAI’s new Responses API as a significant advancement in the field of autonomous AI, notably emphasizing agentic AI’s capabilities to perform complex tasks and interactions. It introduces the…

Anchore: Contributing to Vulnerability Data: Making Security Better for Everyone

Mar 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/contributing-to-vulnerability-data-making-security-better-for-everyone/ Source: Anchore Title: Contributing to Vulnerability Data: Making Security Better for Everyone Feedly Summary: Software security depends on accurate vulnerability data. While organizations like NIST maintain the National Vulnerability Database (NVD), the sheer volume of vulnerabilities discovered daily means that sometimes data needs improvement. At Anchore, we’re working to enhance this ecosystem…

Unit 42: Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files

Mar 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/ Source: Unit 42 Title: Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files Feedly Summary: A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains. The post Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files appeared first…

Tag: security researchers