Tag: software development
-
Embrace The Red: How Prompt Injection Exposes Manus’ VS Code Server to the Internet
Source URL: https://embracethered.com/blog/posts/2025/manus-ai-kill-chain-expose-port-vs-code-server-on-internet/ Source: Embrace The Red Title: How Prompt Injection Exposes Manus’ VS Code Server to the Internet Feedly Summary: Today we will cover a powerful, easy to use, autonomous agent called Manus. Manus is developed by the Chinese startup Monica, based in Singapore. This post demonstrates an end-to-end indirect prompt injection attack leading…
-
Embrace The Red: Sneaking Invisible Instructions by Developers in Windsurf
Source URL: https://embracethered.com/blog/posts/2025/windsurf-sneaking-invisible-instructions-for-prompt-injection/ Source: Embrace The Red Title: Sneaking Invisible Instructions by Developers in Windsurf Feedly Summary: Imagine a malicious instruction hidden in plain sight, invisible to you but not to the AI. This is a vulnerability discovered in Windsurf Cascade, it follows invisible instructions. This means there can be instructions in a file or…
-
Cloud Blog: Don’t just speculate, investigate! Gemini Cloud Assist now offers root-cause analysis
Source URL: https://cloud.google.com/blog/products/management-tools/gemini-cloud-assist-investigations-performs-root-cause-analysis/ Source: Cloud Blog Title: Don’t just speculate, investigate! Gemini Cloud Assist now offers root-cause analysis Feedly Summary: Debugging in a complex, distributed cloud environment can feel like searching for a needle in a haystack. The sheer volume of data, intertwined dependencies, and ephemeral issues make traditional troubleshooting methods time-consuming and often reactive.…
-
The Register: Criminal background checker APCS faces data breach
Source URL: https://www.theregister.com/2025/08/22/apcs_breach/ Source: The Register Title: Criminal background checker APCS faces data breach Feedly Summary: The attack first affected an upstream provider of bespoke software Exclusive A leading UK provider of criminal record checks for employers is handling a data breach stemming from a third-party development company.… AI Summary and Description: Yes Summary: The…
-
The Register: Apple rushes out fix for active zero-day in iOS and macOS
Source URL: https://www.theregister.com/2025/08/21/apple_imageio_exploit/ Source: The Register Title: Apple rushes out fix for active zero-day in iOS and macOS Feedly Summary: Another ‘extremely sophisticated’ exploit chewing at Cupertino’s walled garden Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.……
-
The Register: Perplexity’s Comet browser naively processed pages with evil instructions
Source URL: https://www.theregister.com/2025/08/20/perplexity_comet_browser_prompt_injection/ Source: The Register Title: Perplexity’s Comet browser naively processed pages with evil instructions Feedly Summary: Rival Brave flags prompt injection vulnerability, now patched To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea.… AI Summary and Description: Yes Summary: The text discusses a recently…