Experimental News Clipping Site

Tag: threat

  • Embrace The Red: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/openhands-the-lethal-trifecta-strikes-again/ Source: Embrace The Red Title: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets Feedly Summary: Another day, another AI data exfiltration exploit. Today we talk about OpenHands, formerly referred to as OpenDevin initially. It’s created by All-Hands AI. OpenHands renders images in chat, which enables zero-click data exfiltration during prompt injection…

  • Simon Willison’s Weblog: When a Jira Ticket Can Steal Your Secrets

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Aug/9/when-a-jira-ticket-can-steal-your-secrets/ Source: Simon Willison’s Weblog Title: When a Jira Ticket Can Steal Your Secrets Feedly Summary: When a Jira Ticket Can Steal Your Secrets Zenity Labs describe a classic lethal trifecta attack, this time against Cursor, MCP, Jira and Zendesk. They also have a short video demonstrating the issue. Zendesk support emails are…

  • Slashdot: AI Industry Horrified To Face Largest Copyright Class Action Ever Certified

    by

    Kurt Seifried
    in

    Source URL: https://yro.slashdot.org/story/25/08/08/2040214/ai-industry-horrified-to-face-largest-copyright-class-action-ever-certified?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: AI Industry Horrified To Face Largest Copyright Class Action Ever Certified Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses the potential repercussions of a major copyright class action lawsuit against Anthropic, which could significantly impact the entire AI industry. Claims from industry groups suggest that if…

  • Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…

  • Microsoft Security Blog: Announcing public preview: Phishing triage agent in Microsoft Defender

    by

    Kurt Seifried
    in

    Source URL: https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/announcing-public-preview-phishing-triage-agent-in-microsoft-defender/4438301 Source: Microsoft Security Blog Title: Announcing public preview: Phishing triage agent in Microsoft Defender Feedly Summary: The Phishing Triage Agent in Microsoft Defender is now available in Public Preview. It tackles one of the most repetitive tasks in the SOC: handling reports of user-submitted phish. The post Announcing public preview: Phishing triage…

  • The Register: CISA releases malware analysis for Sharepoint Server attack

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/07/cisa_releases_malware_analysis/ Source: The Register Title: CISA releases malware analysis for Sharepoint Server attack Feedly Summary: Indications of compromise and Sigma rules report for your security scanners amid ongoing ‘ToolShell’ blitz CISA has published a malware analysis report with compromise indicators and Sigma rules for “ToolShell" attacks targeting specific Microsoft SharePoint Server versions.… AI…

  • Cisco Security Blog: Improving Cloud-VPN Resiliency to DoS Attacks With IKE Throttling

    by

    Kurt Seifried
    in

    Source URL: https://blogs.cisco.com/security/improving-cloud-vpn-resiliency-to-dos-attacks-with-ike-throttling Source: Cisco Security Blog Title: Improving Cloud-VPN Resiliency to DoS Attacks With IKE Throttling Feedly Summary: Explore a network-layer throttling mechanism to improve the resiliency of Cloud VPNs IKE servers, which are typically subject to IKE flood attacks. AI Summary and Description: Yes Summary: The text addresses a network-layer throttling mechanism aimed…