Tag: sensitive information

  • Embrace The Red: Data Exfiltration via Image Rendering Fixed in Amp Code

    Source URL: https://embracethered.com/blog/posts/2025/amp-code-fixed-data-exfiltration-via-images/ Source: Embrace The Red Title: Data Exfiltration via Image Rendering Fixed in Amp Code Feedly Summary: In this post we discuss a vulnerability that was present in Amp Code from Sourcegraph by which an attacker could exploit markdown driven image rendering to exfiltrate sensitive information. This vulnerability is common in AI applications…

  • The Register: Typhoon-adjacent Chinese crew broke into Taiwanese web host

    Source URL: https://www.theregister.com/2025/08/15/typhoonadjacent_chinese_crew_taiwan_web_servers/ Source: The Register Title: Typhoon-adjacent Chinese crew broke into Taiwanese web host Feedly Summary: Is that a JuicyPotato on your network? A suspected Chinese-government-backed cyber crew recently broke into a Taiwanese web hosting provider to steal credentials and plant backdoors for long-term access, using a mix of open-source and custom software tools,…

  • Cisco Talos Blog: UAT-7237 targets Taiwanese web hosting infrastructure

    Source URL: https://blog.talosintelligence.com/uat-7237-targets-web-hosting-infra/ Source: Cisco Talos Blog Title: UAT-7237 targets Taiwanese web hosting infrastructure Feedly Summary: Cisco Talos discovered UAT-7237, a Chinese-speaking advanced persistent threat (APT) group active since at least 2022, which has significant overlaps with UAT-5918. AI Summary and Description: Yes Summary: The text discusses the activities of UAT-7237, a Chinese-speaking advanced persistent…

  • Cisco Talos Blog: What happened in Vegas (that you actually want to know about)

    Source URL: https://blog.talosintelligence.com/what-happened-in-vegas-that-you-actually-want-to-know-about/ Source: Cisco Talos Blog Title: What happened in Vegas (that you actually want to know about) Feedly Summary: Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign. AI Summary and Description: Yes Summary: This newsletter…

  • Embrace The Red: Claude Code: Data Exfiltration with DNS Requests

    Source URL: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/ Source: Embrace The Red Title: Claude Code: Data Exfiltration with DNS Requests Feedly Summary: Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g.…

  • The Register: The inside story of the Telemessage saga, and how you can view the data

    Source URL: https://www.theregister.com/2025/08/10/telemessage_archive_online/ Source: The Register Title: The inside story of the Telemessage saga, and how you can view the data Feedly Summary: It turns out no one was clean on OPSEC DEF CON On Saturday at DEF CON, security boffin Micah Lee explained just how he hacked into TeleMessage, the supposedly secure messaging app…

  • Cisco Talos Blog: ReVault! When your SoC turns against you… deep dive edition

    Source URL: https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you-2/ Source: Cisco Talos Blog Title: ReVault! When your SoC turns against you… deep dive edition Feedly Summary: Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.  AI Summary and Description: Yes **Summary:** The text conducts an in-depth analysis…

  • Docker: Remocal and Minimum Viable Models: Why Right-Sized Models Beat API Overkill

    Source URL: https://www.docker.com/blog/remocal-minimum-viable-models-ai/ Source: Docker Title: Remocal and Minimum Viable Models: Why Right-Sized Models Beat API Overkill Feedly Summary: A practical approach to escaping the expensive, slow world of API-dependent AI The $20K Monthly Reality Check You built a simple sentiment analyzer for customer reviews. It works great. Except it costs $847/month in API calls…

  • Embrace The Red: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets

    Source URL: https://embracethered.com/blog/posts/2025/openhands-the-lethal-trifecta-strikes-again/ Source: Embrace The Red Title: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets Feedly Summary: Another day, another AI data exfiltration exploit. Today we talk about OpenHands, formerly referred to as OpenDevin initially. It’s created by All-Hands AI. OpenHands renders images in chat, which enables zero-click data exfiltration during prompt injection…