Experimental News Clipping Site

Tag: security risk

  • The Register: Honey, I shrunk the image and now I’m pwned

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/21/google_gemini_image_scaling_attack/ Source: The Register Title: Honey, I shrunk the image and now I’m pwned Feedly Summary: Google’s Gemini-powered tools tripped up by image-scaling prompt injection Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge…

  • The Register: Apple rushes out fix for active zero-day in iOS and macOS

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/21/apple_imageio_exploit/ Source: The Register Title: Apple rushes out fix for active zero-day in iOS and macOS Feedly Summary: Another ‘extremely sophisticated’ exploit chewing at Cupertino’s walled garden Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.……

  • The Register: Commvault releases patches for two nasty bug chains after exploits proven

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/20/commvault_bug_chains_patched/ Source: The Register Title: Commvault releases patches for two nasty bug chains after exploits proven Feedly Summary: Researchers disclosing their findings said ‘it’s as bad as it sounds’ Researchers at watchTowr just published working proof-of-concept exploits for two unauthenticated remote code execution bug chains in backup giant Commvault.… AI Summary and Description:…

  • The Register: ‘Limited’ data leak at Aussie telco turns out to be 280K customer details

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/20/tpg_telecom_iinet_breach/ Source: The Register Title: ‘Limited’ data leak at Aussie telco turns out to be 280K customer details Feedly Summary: iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed Aussie telco giant TPG Telecom has opened an investigation after confirming a cyberattack at subsidiary iiNet.… AI Summary and…

  • Embrace The Red: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/ Source: Embrace The Red Title: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead…

  • Schneier on Security: Subverting AIOps Systems Through Poisoned Input Data

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/08/subverting-aiops-systems-through-poisoned-input-data.html Source: Schneier on Security Title: Subverting AIOps Systems Through Poisoned Input Data Feedly Summary: In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts,…

  • Wired: AI Isn’t Coming for Hollywood. It Has Already Arrived

    by

    Kurt Seifried
    in

    Source URL: https://www.wired.com/story/artificial-intelligence-hollywood-stability/ Source: Wired Title: AI Isn’t Coming for Hollywood. It Has Already Arrived Feedly Summary: An early winner in the generative AI wars was near collapse—then bet everything on a star-studded comeback. Can Stability AI beat the competition? AI Summary and Description: Yes Summary: The text discusses Stability AI’s significant challenges and recovery…