Experimental News Clipping Site

Tag: threats

  • The Cloudflare Blog: Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1

    by

    Kurt Seifried
    in

    Source URL: https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/ Source: The Cloudflare Blog Title: Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1 Feedly Summary: Unauthorized TLS certificates were issued for 1.1.1.1 by a Certification Authority without permission from Cloudflare. These rogue certificates have now been revoked. AI Summary and Description: Yes Summary: The text describes a serious incident involving…

  • Schneier on Security: Generative AI as a Cybercrime Assistant

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/09/generative-ai-as-a-cybercrime-assistant.html Source: Schneier on Security Title: Generative AI as a Cybercrime Assistant Feedly Summary: Anthropic reports on a Claude user: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services,…

  • The Register: Congressional panel throws cyber threat intel-sharing, funding a lifeline

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/04/cyber_threat_intelsharing_funding_lifeline/ Source: The Register Title: Congressional panel throws cyber threat intel-sharing, funding a lifeline Feedly Summary: Clock is ticking US security leaders have urged lawmakers to reauthorize two key pieces of cyber legislation, including one that facilitates threat-intel sharing between the private sector and federal government, before they expire at the end of…

  • The Register: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/03/hexstrike_ai_citrix_exploits/ Source: The Register Title: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs Feedly Summary: LLMs and 0-days – what could possibly go wrong? Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check…

  • The Register: It looks like you’re ransoming data. Would you like some help?

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/03/ransomware_ai_abuse/ Source: The Register Title: It looks like you’re ransoming data. Would you like some help? Feedly Summary: AI-powered ransomware, extortion chatbots, vibe hacking … just wait until agents replace affiliates It’s no secret that AI tools make it easier for cybercriminals to steal sensitive data and then extort victim organizations. But two…

  • Cisco Security Blog: Conference Hopping: Training Attendee Scanning Def Con

    by

    Kurt Seifried
    in

    Source URL: https://feedpress.me/link/23535/17135128/conference-hopping-training-attendee-scanning-def-con Source: Cisco Security Blog Title: Conference Hopping: Training Attendee Scanning Def Con Feedly Summary: Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025. AI Summary and Description: Yes Summary: The text highlights Cisco’s role…

  • Schneier on Security: Indirect Prompt Injection Attacks Against LLM Assistants

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/09/indirect-prompt-injection-attacks-against-llm-assistants.html Source: Schneier on Security Title: Indirect Prompt Injection Attacks Against LLM Assistants Feedly Summary: Really good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks,…

  • Unit 42: Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust

    by

    Kurt Seifried
    in

    Source URL: https://unit42.paloaltonetworks.com/model-namespace-reuse/ Source: Unit 42 Title: Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust Feedly Summary: Model namespace reuse is a potential security risk in the AI supply chain. Attackers can misuse platforms like Hugging Face for remote code execution. The post Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model…