Tag: security vulnerability
- The Register: German security researchers say ‘Windows Hell No’ to Microsoft biometrics for biz
  Source URL: https://www.theregister.com/2025/08/07/windows_hello_hell_no/
  Source: The Register
  Title: German security researchers say ‘Windows Hell No’ to Microsoft biometrics for biz
  Feedly Summary: Hello loophole could let a rogue admin, or a pwned one, inject new facial scans Black Hat Microsoft is pushing hard for Windows users to shift from using passwords to its Hello biometrics system,…
- Wired: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT
  Source URL: https://www.wired.com/story/poisoned-document-could-leak-secret-data-chatgpt/
  Source: Wired
  Title: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT
  Feedly Summary: Security researchers found a weakness in OpenAI’s Connectors, which let you hook up ChatGPT to other services, that allowed them to extract data from a Google Drive without any user interaction.
  AI Summary and Description: Yes
  Summary:…
- The Register: Vibe coding tool Cursor’s MCP implementation allows persistent code execution
  Source URL: https://www.theregister.com/2025/08/05/mcpoison_bug_abuses_cursor_mcp/
  Source: The Register
  Title: Vibe coding tool Cursor’s MCP implementation allows persistent code execution
  Feedly Summary: More evidence that AI expands the attack surface Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a…
- Simon Willison’s Weblog: Quoting @himbodhisattva
  Source URL: https://simonwillison.net/2025/Aug/4/himbodhisattva/#atom-everything
  Source: Simon Willison’s Weblog
  Title: Quoting @himbodhisattva
  Feedly Summary: for services that wrap GPT-3, is it possible to do the equivalent of sql injection? like, a prompt-injection attack? make it think it’s completed the task and then get access to the generation, and ask it to repeat the original instruction? — @himbodhisattva,…
- Embrace The Red: Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection
  Source URL: https://embracethered.com/blog/posts/2025/chatgpt-chat-history-data-exfiltration/
  Source: Embrace The Red
  Title: Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection
  Feedly Summary: In this post we demonstrate how a bypass in OpenAI’s “safe URL” rendering feature allows ChatGPT to send personal information to a third-party server. This can be exploited by an adversary via a prompt injection…
- Slashdot: ‘Tens of Thousands’ of SharePoint Servers at Risk. Microsoft Issues No Patch
  Source URL: https://it.slashdot.org/story/25/07/20/2340220/tens-of-thousands-of-sharepoint-servers-at-risk-microsoft-issues-no-patch
  Source: Slashdot
  Title: ‘Tens of Thousands’ of SharePoint Servers at Risk. Microsoft Issues No Patch
  Feedly Summary:
  AI Summary and Description: Yes
  Summary: The text reports on a significant cybersecurity vulnerability affecting hosted SharePoint servers, which has led to widespread breaches in various sectors, including government and private organizations. As researchers uncover…
- Krebs on Security: DOGE Denizen Marko Elez Leaked API Key for xAI
  Source URL: https://krebsonsecurity.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/
  Source: Krebs on Security
  Title: DOGE Denizen Marko Elez Leaked API Key for xAI
  Feedly Summary: Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland…
- The Register: How to trick ChatGPT into revealing Windows keys? I give up
  Source URL: https://www.theregister.com/2025/07/09/chatgpt_jailbreak_windows_keys/
  Source: The Register
  Title: How to trick ChatGPT into revealing Windows keys? I give up
  Feedly Summary: No, really, those are the magic words A clever AI bug hunter found a way to trick ChatGPT into disclosing Windows product keys, including at least one owned by Wells Fargo bank, by inviting the…
- Simon Willison’s Weblog: Supabase MCP can leak your entire SQL database
  Source URL: https://simonwillison.net/2025/Jul/6/supabase-mcp-lethal-trifecta/#atom-everything
  Source: Simon Willison’s Weblog
  Title: Supabase MCP can leak your entire SQL database
  Feedly Summary: Supabase MCP can leak your entire SQL database Here’s yet another example of a lethal trifecta attack, where an LLM system combines access to private data, exposure to potentially malicious instructions and a mechanism to communicate data…
- Slashdot: Data Breach Reveals Catwatchful ‘Stalkerware’ Is Spying On Thousands of Phones
  Source URL: https://yro.slashdot.org/story/25/07/03/0023253/data-breach-reveals-catwatchful-stalkerware-is-spying-on-thousands-of-phones?utm_source=rss1.0mainlinkanon&utm_medium=feed
  Source: Slashdot
  Title: Data Breach Reveals Catwatchful ‘Stalkerware’ Is Spying On Thousands of Phones
  Feedly Summary:
  AI Summary and Description: Yes
  Summary: The text discusses a significant security vulnerability in an Android spyware operation called Catwatchful, which exposed sensitive customer data, including email addresses and plaintext passwords. This incident raises concerns regarding…