Tag: software
-
Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets
Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…
-
The Register: Perplexity’s Comet browser naively processed pages with evil instructions
Source URL: https://www.theregister.com/2025/08/20/perplexity_comet_browser_prompt_injection/ Source: The Register Title: Perplexity’s Comet browser naively processed pages with evil instructions Feedly Summary: Rival Brave flags prompt injection vulnerability, now patched To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea.… AI Summary and Description: Yes Summary: The text discusses a recently…
-
Embrace The Red: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/ Source: Embrace The Red Title: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead…
-
Schneier on Security: Subverting AIOps Systems Through Poisoned Input Data
Source URL: https://www.schneier.com/blog/archives/2025/08/subverting-aiops-systems-through-poisoned-input-data.html Source: Schneier on Security Title: Subverting AIOps Systems Through Poisoned Input Data Feedly Summary: In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts,…
-
The Register: Open the pod bay door, GPT-4o
Source URL: https://www.theregister.com/2025/08/20/gpt4o_pod_bay_door/ Source: The Register Title: Open the pod bay door, GPT-4o Feedly Summary: Researchers use LLM in ‘AI Space Cortex’ to automate robotic extraterrestrial exploration Businesses may be struggling to find meaningful ways to use artificial intelligence software, but space scientists at least have a few ideas about how to deploy AI models.……