Experimental News Clipping Site

Tag: security vulnerability

  • Simon Willison’s Weblog: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/May/23/remote-prompt-injection-in-gitlab-duo/ Source: Simon Willison’s Weblog Title: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft Feedly Summary: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft Yet another example of the classic Markdown image exfiltration attack, this time affecting GitLab Duo – GitLab’s chatbot. Omer Mayraz reports on how…

  • The Cloudflare Blog: Resolving a request smuggling vulnerability in Pingora

    by

    Kurt Seifried
    in

    Source URL: https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora/ Source: The Cloudflare Blog Title: Resolving a request smuggling vulnerability in Pingora Feedly Summary: Cloudflare patched a vulnerability (CVE-2025-4366) in the Pingora OSS framework, which exposed users of the framework and Cloudflare CDN’s free tier to potential request smuggling attacks. AI Summary and Description: Yes Summary: The text discusses a recently discovered…

  • The Register: Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/05/20/openpgp_js_flaw/ Source: The Register Title: Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms Feedly Summary: Update before that proof-of-concept comes to bite Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed.… AI…

  • Slashdot: Chinese Hackers Exploit SAP NetWeaver RCE Flaw

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/05/11/0544252/chinese-hackers-exploit-sap-netweaver-rce-flaw?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Chinese Hackers Exploit SAP NetWeaver RCE Flaw Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a critical security vulnerability (CVE-2025-31324) in SAP NetWeaver being exploited by an unnamed China-linked threat actor known as Chaya_004. This flaw allows remote code execution, leading to significant risks for various…

  • Slashdot: Security Researchers Create Proof-of-Concept Program that Evades Linux Syscall-Watching Antivirus

    by

    Kurt Seifried
    in

    Source URL: https://linux.slashdot.org/story/25/05/04/0455245/security-researchers-create-proof-of-concept-program-that-evades-linux-syscall-watching-antivirus Source: Slashdot Title: Security Researchers Create Proof-of-Concept Program that Evades Linux Syscall-Watching Antivirus Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a recent proof-of-concept that highlights a security vulnerability related to Linux’s io_uring interface. This interface allows applications to perform asynchronous I/O operations, but can create blind spots for…

  • Microsoft Security Blog: Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/05/01/analyzing-cve-2025-31191-a-macos-security-scoped-bookmarks-based-sandbox-escape/ Source: Microsoft Security Blog Title: Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape Feedly Summary: Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability,…