Tag: Security Vulnerabilities
-
The Cloudflare Blog: Securing the AI Revolution: Introducing Cloudflare MCP Server Portals
Source URL: https://blog.cloudflare.com/zero-trust-mcp-server-portals/ Source: The Cloudflare Blog Title: Securing the AI Revolution: Introducing Cloudflare MCP Server Portals Feedly Summary: Cloudflare MCP Server Portals are now available in Open Beta. MCP Server Portals are a new capability that enable you to centralize, secure, and observe every MCP connection in your organization. AI Summary and Description: Yes…
-
Schneier on Security: Encryption Backdoor in Military/Police Radios
Source URL: https://www.schneier.com/blog/archives/2025/08/encryption-backdoor-in-military-police-radios.html Source: Schneier on Security Title: Encryption Backdoor in Military/Police Radios Feedly Summary: I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The…
-
Embrace The Red: Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)
Source URL: https://embracethered.com/blog/posts/2025/windsurf-spaiware-exploit-persistent-prompt-injection/ Source: Embrace The Red Title: Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit) Feedly Summary: In this second post about Windsurf Cascade we are exploring the SpAIware attack, which allows memory persistent data exfiltration. SpAIware is an attack we first successfully demonstrated with ChatGPT last year and OpenAI mitigated. While inspecting the system prompt…
-
Slashdot: Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts
Source URL: https://slashdot.org/story/25/08/22/1515238/coinbase-reverses-remote-first-policy-after-north-korean-infiltration-attempts?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts Feedly Summary: AI Summary and Description: Yes Summary: The text highlights the increasing security vulnerabilities associated with remote work policies, particularly in sensitive roles within cryptocurrency firms. It emphasizes the proactive measures taken by Coinbase to mitigate these risks, including…
-
Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets
Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…
-
The Register: Microsoft stays mum about M365 Copilot on-demand security bypass
Source URL: https://www.theregister.com/2025/08/20/microsoft_mum_about_m365_copilot/ Source: The Register Title: Microsoft stays mum about M365 Copilot on-demand security bypass Feedly Summary: Redmond doesn’t bother informing customers about some security fixes Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot.… AI Summary and Description: Yes Summary: The text highlights a concerning practice by…
-
Embrace The Red: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/ Source: Embrace The Red Title: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead…