Tag: tokens
-
The Register: Stolen OAuth tokens expose Palo Alto customer data
Source URL: https://www.theregister.com/2025/09/02/stolen_oauth_tokens_expose_palo/ Source: The Register Title: Stolen OAuth tokens expose Palo Alto customer data Feedly Summary: Security firm’s Salesforce instance accessed using credentials stolen from Salesloft’s Drift platform breach Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lifted from the Salesloft…
-
Krebs on Security: The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
Source URL: https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/ Source: Krebs on Security Title: The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft Feedly Summary: The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate…
-
Simon Willison’s Weblog: Introducing gpt-realtime
Source URL: https://simonwillison.net/2025/Sep/1/introducing-gpt-realtime/#atom-everything Source: Simon Willison’s Weblog Title: Introducing gpt-realtime Feedly Summary: Introducing gpt-realtime Released a few days ago (August 28th), gpt-realtime is OpenAI’s new “most advanced speech-to-speech model". It looks like this is a replacement for the older gpt-4o-realtime-preview model that was released last October. This is a slightly confusing release. The previous realtime…
-
Embrace The Red: Wrap Up: The Month of AI Bugs
Source URL: https://embracethered.com/blog/posts/2025/wrapping-up-month-of-ai-bugs/ Source: Embrace The Red Title: Wrap Up: The Month of AI Bugs Feedly Summary: That’s it. The Month of AI Bugs is done. There won’t be a post tomorrow, because I will be at PAX West. Overview of Posts ChatGPT: Exfiltrating Your Chat History and Memories With Prompt Injection | Video ChatGPT…
-
The Register: Salesforce data missing? It might be due to Salesloft breach, Google says
Source URL: https://www.theregister.com/2025/08/27/salesforce_salesloft_breach/ Source: The Register Title: Salesforce data missing? It might be due to Salesloft breach, Google says Feedly Summary: Attackers steal OAuth tokens to access third-party sales platform, then CRM data in ‘widespread campaign’ Google says a recent spate of Salesforce-related breaches was caused by attackers stealing OAuth tokens from the third-party Salesloft…
-
Cloud Blog: Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift/ Source: Cloud Blog Title: Widespread Data Theft Targets Salesforce Instances via Salesloft Drift Feedly Summary: Written by: Austin Larsen, Matt Lin, Tyler McLellan, Omar ElAhdan Introduction Google Threat Intelligence Group (GTIG) is issuing an advisory to alert organizations about a widespread data theft campaign, carried out by the actor tracked as UNC6395.…
-
Cloud Blog: vLLM Performance Tuning: The Ultimate Guide to xPU Inference Configuration
Source URL: https://cloud.google.com/blog/topics/developers-practitioners/vllm-performance-tuning-the-ultimate-guide-to-xpu-inference-configuration/ Source: Cloud Blog Title: vLLM Performance Tuning: The Ultimate Guide to xPU Inference Configuration Feedly Summary: Additional contributors include Hossein Sarshar, Ashish Narasimham, and Chenyang Li. Large Language Models (LLMs) are revolutionizing how we interact with technology, but serving these powerful models efficiently can be a challenge. vLLM has rapidly become…
-
Simon Willison’s Weblog: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
Source URL: https://simonwillison.net/2025/Aug/25/agentic-browser-security/#atom-everything Source: Simon Willison’s Weblog Title: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet Feedly Summary: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet The security team from Brave took a look at Comet, the LLM-powered “agentic browser" extension from Perplexity, and unsurprisingly found security holes you can drive a truck…
-
Simon Willison’s Weblog: DeepSeek 3.1
Source URL: https://simonwillison.net/2025/Aug/22/deepseek-31/#atom-everything Source: Simon Willison’s Weblog Title: DeepSeek 3.1 Feedly Summary: DeepSeek 3.1 The latest model from DeepSeek, a 685B monster (like DeepSeek v3 before it) but this time it’s a hybrid reasoning model. DeepSeek claim: DeepSeek-V3.1-Think achieves comparable answer quality to DeepSeek-R1-0528, while responding more quickly. Drew Breunig points out that their benchmarks…
-
Simon Willison’s Weblog: too many model context protocol servers and LLM allocations on the dance floor
Source URL: https://simonwillison.net/2025/Aug/22/too-many-mcps/#atom-everything Source: Simon Willison’s Weblog Title: too many model context protocol servers and LLM allocations on the dance floor Feedly Summary: too many model context protocol servers and LLM allocations on the dance floor Useful reminder from Geoffrey Huntley of the infrequently discussed significant token cost of using MCP. Geoffrey estimate estimates that…