system compromise – Experimental News Clipping Site

The Register: Attackers snooping around Sitecore, dropping malware via public sample keys

Sep 4, 2025

—

by

Source URL: https://www.theregister.com/2025/09/04/unknown_miscreants_snooping_around_sitecore/ Source: The Register Title: Attackers snooping around Sitecore, dropping malware via public sample keys Feedly Summary: You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping…

Bulletins: Vulnerability Summary for the Week of August 25, 2025

Sep 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-245 Source: Bulletins Title: Vulnerability Summary for the Week of August 25, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000projects–Online Project Report Submission and Evaluation System A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown…

The Register: Fake CAPTCHA tests trick users into running malware

Aug 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/22/clickfix_report/ Source: The Register Title: Fake CAPTCHA tests trick users into running malware Feedly Summary: ClickFix tricks Microsoft’s security team has published an in-depth report into ClickFix, the social engineering attack which tricks users into executing malicious commands in the guise of proving their humanity.… AI Summary and Description: Yes Summary: Microsoft’s security…

Embrace The Red: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/ Source: Embrace The Red Title: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead…

The Register: Italian hotels breached en masse since June, government confirms

Aug 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/14/italian_hotels_breached_en_masse/ Source: The Register Title: Italian hotels breached en masse since June, government confirms Feedly Summary: Nearly 100,000 records allegedly up for sale after apparent breach at booking system Italy’s digital agency (AGID) says a cybercriminal’s claims concerning a spate of data thefts affecting various hotels across the country are genuine.… AI Summary…

Embrace The Red: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)

Aug 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/ Source: Embrace The Red Title: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) Feedly Summary: This post is about an important, but also scary, prompt injection discovery that leads to full system compromise of the developer’s machine in GitHub Copilot and VS Code. It is achieved by placing Copilot into YOLO…

Embrace The Red: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution

Aug 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/openhands-remote-code-execution-zombai/ Source: Embrace The Red Title: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution Feedly Summary: Today we have another post about OpenHands from All Hands AI. It is a popular agent, initially named “OpenDevin”, and recently the company also provides a cloud-based service. Which is all pretty cool and exciting. Prompt…

The Register: Chained bugs in Nvidia’s Triton Inference Server lead to full system compromise

Aug 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/05/nvidia_triton_bug_chain/ Source: The Register Title: Chained bugs in Nvidia’s Triton Inference Server lead to full system compromise Feedly Summary: Wiz Research details flaws in Python backend that expose AI models and enable remote code execution Security researchers have lifted the lid on a chain of high-severity vulnerabilities that could lead to remote code…

Cisco Talos Blog: Cisco Talos at Black Hat 2025: Briefings, booth talks and what to expect

Jul 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/cisco-talos-at-black-hat-2025-briefings-booth-talks-and-what-to-expect/ Source: Cisco Talos Blog Title: Cisco Talos at Black Hat 2025: Briefings, booth talks and what to expect Feedly Summary: Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you’re interested in what we’re seeing in the threat landscape, detection…

The Register: Freelance dev shop Toptal caught serving malware after GitHub account break-in

Jul 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/07/25/toptal_malware_attack/ Source: The Register Title: Freelance dev shop Toptal caught serving malware after GitHub account break-in Feedly Summary: Malicious code lurking in over 5,000 downloads, says Socket researcher Developer freelancing platform Toptal has been inadvertently spreading malicious code after attackers broke into its systems and began distributing malware through developer accounts.… AI Summary…

Tag: system compromise