security update – Page 2 – Experimental News Clipping Site

Slashdot: FBI Warns Russian Hackers Targeted ‘Thousands’ of Critical US Infrastructure IT Systems

Aug 24, 2025

—

by

Source URL: https://news.slashdot.org/story/25/08/24/0638238/fbi-warns-russian-hackers-targeted-thousands-of-critical-us-infrastructure-it-systems?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: FBI Warns Russian Hackers Targeted ‘Thousands’ of Critical US Infrastructure IT Systems Feedly Summary: AI Summary and Description: Yes Summary: The text outlines a significant security threat posed by Russian state-sponsored hackers targeting U.S. critical infrastructure through vulnerabilities in Cisco devices. The report emphasizes the risks posed by unpatched…

Cloud Blog: Start and scale your apps faster with improved container image streaming in GKE

Aug 13, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/containers-kubernetes/improving-gke-container-image-streaming-for-faster-app-startup/ Source: Cloud Blog Title: Start and scale your apps faster with improved container image streaming in GKE Feedly Summary: In today’s fast-paced cloud-native world, the speed at which your applications can start and scale is paramount. Faster pod startup times mean quicker responses to user demand, more efficient resource utilization, and a…

Cisco Talos Blog: Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities

Aug 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/microsoft-patch-tuesday-august-2025/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities Feedly Summary: Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”. In this month’s release, Microsoft observed none of…

Unit 42: Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/ Source: Unit 42 Title: Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild Feedly Summary: CVE-2025-32433 allows for remote code execution in sshd for certain versions of Erlang programming language’s OTP. We reproduced this CVE and share our findings. The post Keys to the Kingdom: Erlang/OTP SSH…

Schneier on Security: Google Project Zero Changes Its Disclosure Policy

Aug 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/08/google-project-zero-changes-its-disclosure-policy.html Source: Schneier on Security Title: Google Project Zero Changes Its Disclosure Policy Feedly Summary: Google’s vulnerability finding team is again pushing the envelope of responsible disclosure: Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place,…

Embrace The Red: Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)

Aug 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/cursor-data-exfiltration-with-mermaid/ Source: Embrace The Red Title: Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132) Feedly Summary: Cursor is a popular AI code editor. In this post I want to share how I found an interesting data exfiltration issue, the demo exploits built and how it got fixed. When using Cursor I noticed that…

Simon Willison’s Weblog: More model releases on 31st July

Jul 31, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Jul/31/more-models/ Source: Simon Willison’s Weblog Title: More model releases on 31st July Feedly Summary: Here are a few more model releases from today, to round out a very busy July: Cohere released Command A Vision, their first multi-modal (image input) LLM. Like their others it’s open weights under Creative Commons Attribution Non-Commercial, so…

Microsoft Security Blog: Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability

Jul 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/07/28/sploitlight-analyzing-a-spotlight-based-macos-tcc-vulnerability/ Source: Microsoft Security Blog Title: Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability Feedly Summary: Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information…

The Register: No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers

Jul 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/07/24/no_login_no_problem_cisco_flaw/ Source: The Register Title: No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers Feedly Summary: Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it Threat actors have actively exploited a newly patched vulnerability in Cisco’s Identity Services…

Slashdot: VMware Prevents Some Perpetual License Holders From Downloading Patches

Jul 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://tech.slashdot.org/story/25/07/24/0125217/vmware-prevents-some-perpetual-license-holders-from-downloading-patches?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: VMware Prevents Some Perpetual License Holders From Downloading Patches Feedly Summary: AI Summary and Description: Yes Summary: The text highlights significant security implications for customers of Broadcom’s VMware business due to limited access to security patches for users with perpetual licenses lacking current support contracts. This impacts their security…

Tag: security update