security vulnerability – Page 2 – Experimental News Clipping Site

Embrace The Red: Sneaking Invisible Instructions by Developers in Windsurf

Aug 24, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/windsurf-sneaking-invisible-instructions-for-prompt-injection/ Source: Embrace The Red Title: Sneaking Invisible Instructions by Developers in Windsurf Feedly Summary: Imagine a malicious instruction hidden in plain sight, invisible to you but not to the AI. This is a vulnerability discovered in Windsurf Cascade, it follows invisible instructions. This means there can be instructions in a file or…

The Register: Honey, I shrunk the image and now I’m pwned

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/21/google_gemini_image_scaling_attack/ Source: The Register Title: Honey, I shrunk the image and now I’m pwned Feedly Summary: Google’s Gemini-powered tools tripped up by image-scaling prompt injection Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge…

Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…

The Register: Microsoft stays mum about M365 Copilot on-demand security bypass

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/microsoft_mum_about_m365_copilot/ Source: The Register Title: Microsoft stays mum about M365 Copilot on-demand security bypass Feedly Summary: Redmond doesn’t bother informing customers about some security fixes Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot.… AI Summary and Description: Yes Summary: The text highlights a concerning practice by…

Schneier on Security: Subverting AIOps Systems Through Poisoned Input Data

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/08/subverting-aiops-systems-through-poisoned-input-data.html Source: Schneier on Security Title: Subverting AIOps Systems Through Poisoned Input Data Feedly Summary: In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts,…

Embrace The Red: Amazon Q Developer: Remote Code Execution with Prompt Injection

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-remote-code-execution/ Source: Embrace The Red Title: Amazon Q Developer: Remote Code Execution with Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a popular coding agent, with over 1 million downloads. The extension is vulnerable to indirect prompt injection, and in this post we discuss a vulnerability that…

The Register: Don’t want drive-by Ollama attackers snooping on your local chats? Patch now

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/19/ollama_driveby_attack/ Source: The Register Title: Don’t want drive-by Ollama attackers snooping on your local chats? Patch now Feedly Summary: Reconfigure local app settings via a ‘simple’ POST request A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people’s personal…

Embrace The Red: Data Exfiltration via Image Rendering Fixed in Amp Code

Aug 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amp-code-fixed-data-exfiltration-via-images/ Source: Embrace The Red Title: Data Exfiltration via Image Rendering Fixed in Amp Code Feedly Summary: In this post we discuss a vulnerability that was present in Amp Code from Sourcegraph by which an attacker could exploit markdown driven image rendering to exfiltrate sensitive information. This vulnerability is common in AI applications…

The Register: Cisco’s Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/15/cisco_secure_firewall_management_bug/ Source: The Register Title: Cisco’s Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole Feedly Summary: Switchzilla’s summer of perfect 10s Cisco has issued a patch for a maximum-severity bug in its Secure Firewall Management Center (FMC) software that could allow an unauthenticated, remote attacker to inject arbitrary…

Cloud Blog: Monitor your databases on Compute Engine with Database Center

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/databases/database-center-expands-coverage/ Source: Cloud Blog Title: Monitor your databases on Compute Engine with Database Center Feedly Summary: Database Center is an AI-powered unified fleet management solution that can help you identify and address security risks, performance bottlenecks, and reliability issues for Google Cloud databases including Cloud SQL, AlloyDB, Spanner, Bigtable, Memorystore, and Firestore. Today,…

Tag: security vulnerability