Experimental News Clipping Site

Tag: security risk

  • Embrace The Red: Claude Code: Data Exfiltration with DNS Requests

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/ Source: Embrace The Red Title: Claude Code: Data Exfiltration with DNS Requests Feedly Summary: Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g.…

  • Unit 42: Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild

    by

    Kurt Seifried
    in

    Source URL: https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/ Source: Unit 42 Title: Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild Feedly Summary: CVE-2025-32433 allows for remote code execution in sshd for certain versions of Erlang programming language’s OTP. We reproduced this CVE and share our findings. The post Keys to the Kingdom: Erlang/OTP SSH…

  • Slashdot: How Python is Fighting Open Source’s ‘Phantom’ Dependencies Problem

    by

    Kurt Seifried
    in

    Source URL: https://developers.slashdot.org/story/25/08/11/025214/how-python-is-fighting-open-sources-phantom-dependencies-problem?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: How Python is Fighting Open Source’s ‘Phantom’ Dependencies Problem Feedly Summary: AI Summary and Description: Yes Summary: The Python Software Foundation is addressing the “phantom dependencies” issue in software packages by introducing the Software Bill-of-Materials (SBOM) through Python Enhancement Proposal 770. This initiative enhances metadata accessibility, making it easier…

  • Embrace The Red: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/openhands-remote-code-execution-zombai/ Source: Embrace The Red Title: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution Feedly Summary: Today we have another post about OpenHands from All Hands AI. It is a popular agent, initially named “OpenDevin”, and recently the company also provides a cloud-based service. Which is all pretty cool and exciting. Prompt…

  • Embrace The Red: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/openhands-the-lethal-trifecta-strikes-again/ Source: Embrace The Red Title: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets Feedly Summary: Another day, another AI data exfiltration exploit. Today we talk about OpenHands, formerly referred to as OpenDevin initially. It’s created by All-Hands AI. OpenHands renders images in chat, which enables zero-click data exfiltration during prompt injection…

  • The Register: OpenAI’s GPT-5 is here with up to 80% fewer hallucinations

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/07/openai_gpt_5/ Source: The Register Title: OpenAI’s GPT-5 is here with up to 80% fewer hallucinations Feedly Summary: That totally makes up for the single-digit benchmark gains, right? OpenAI unveiled its most capable model yet on Thursday with the launch of GPT-5.… AI Summary and Description: Yes Summary: The announcement of OpenAI’s GPT-5 represents…

  • Slashdot: Encryption Made For Police and Military Radios May Be Easily Cracked

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/08/07/217234/encryption-made-for-police-and-military-radios-may-be-easily-cracked Source: Slashdot Title: Encryption Made For Police and Military Radios May Be Easily Cracked Feedly Summary: AI Summary and Description: Yes Summary: The text highlights critical vulnerabilities in an encryption algorithm widely used in radios for essential sectors, including law enforcement and military. After researchers discovered a backdoor in the original algorithm,…

  • OpenAI : Introducing GPT-5 for developers

    by

    Kurt Seifried
    in

    Source URL: https://openai.com/index/introducing-gpt-5-for-developers Source: OpenAI Title: Introducing GPT-5 for developers Feedly Summary: Introducing GPT-5 in our API platform—offering high reasoning performance, new controls for devs, and best-in-class results on real coding tasks. AI Summary and Description: Yes Summary: The introduction of GPT-5 on an API platform highlights significant advancements in AI capabilities, particularly in reasoning…

  • Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…