Tag: uth
-
Bulletins: Vulnerability Summary for the Week of August 25, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-245 Source: Bulletins Title: Vulnerability Summary for the Week of August 25, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000projects–Online Project Report Submission and Evaluation System A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown…
-
The Cloudflare Blog: The impact of the Salesloft Drift breach on Cloudflare and our customers
Source URL: https://blog.cloudflare.com/response-to-salesloft-drift-incident/ Source: The Cloudflare Blog Title: The impact of the Salesloft Drift breach on Cloudflare and our customers Feedly Summary: An advanced threat actor, GRUB1, exploited the integration between Salesloft’s Drift chat agent and Salesforce to gain unauthorized access to Salesforce tenants of Cloudflare and many other companies. AI Summary and Description: Yes…
-
The Register: Stolen OAuth tokens expose Palo Alto customer data
Source URL: https://www.theregister.com/2025/09/02/stolen_oauth_tokens_expose_palo/ Source: The Register Title: Stolen OAuth tokens expose Palo Alto customer data Feedly Summary: Security firm’s Salesforce instance accessed using credentials stolen from Salesloft’s Drift platform breach Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lifted from the Salesloft…
-
Cisco Security Blog: Closing the Backdoor in TACACS+: Why Full-Session Encryption Matters More Than Ever
Source URL: https://feedpress.me/link/23535/17134419/closing-the-backdoor-in-tacacs-why-full-session-encryption-matters-more-than-ever Source: Cisco Security Blog Title: Closing the Backdoor in TACACS+: Why Full-Session Encryption Matters More Than Ever Feedly Summary: Attackers exploited weak TACACS+ encryption to steal credentials and evade detection. Learn how Cisco ISE with TLS 1.3 and Duo MFA closes these backdoors. AI Summary and Description: Yes Summary: The text discusses…
-
Unit 42: Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances
Source URL: https://unit42.paloaltonetworks.com/threat-brief-compromised-salesforce-instances/ Source: Unit 42 Title: Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances Feedly Summary: This Threat Brief discusses observations on a campaign leveraging Salesloft Drift integration to exfiltrate data via compromised OAuth credentials. The post Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances appeared first on Unit 42.…
-
The Register: In the rush to adopt hot new tech, security is often forgotten. AI is no exception
Source URL: https://www.theregister.com/2025/09/02/exposed_ollama_servers_insecure_research/ Source: The Register Title: In the rush to adopt hot new tech, security is often forgotten. AI is no exception Feedly Summary: Cisco finds hundreds of Ollama servers open to unauthorized access, creating various nasty risks Cisco’s Talos security research team has found over 1,100 Ollama servers exposed to the public internet,…
-
Krebs on Security: The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
Source URL: https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/ Source: Krebs on Security Title: The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft Feedly Summary: The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate…
-
Cisco Security Blog: Detecting Exposed LLM Servers: A Shodan Case Study on Ollama
Source URL: https://feedpress.me/link/23535/17131153/detecting-exposed-llm-servers-shodan-case-study-on-ollama Source: Cisco Security Blog Title: Detecting Exposed LLM Servers: A Shodan Case Study on Ollama Feedly Summary: We uncovered 1,100+ exposed Ollama LLM servers—20% with open models—revealing critical security gaps and the need for better LLM threat monitoring. AI Summary and Description: Yes Summary: The text highlights the discovery of over 1,100…
-
The Register: WhatsApp warns of ‘attack against specific targeted users’
Source URL: https://www.theregister.com/2025/09/01/infosec_in_brief/ Source: The Register Title: WhatsApp warns of ‘attack against specific targeted users’ Feedly Summary: PLUS: Microsoft ends no-MFA Azure access; WorkDay attack diverts payments; FreePBX warns of CVSS 10 flaw; and more Infosec In brief A flaw in Meta’s WhatsApp app “may have been exploited in a sophisticated attack against specific targeted…
-
Simon Willison’s Weblog: Quoting Benj Edwards
Source URL: https://simonwillison.net/2025/Aug/30/benj-edwards/#atom-everything Source: Simon Willison’s Weblog Title: Quoting Benj Edwards Feedly Summary: LLMs are intelligence without agency—what we might call “vox sine persona": voice without person. Not the voice of someone, not even the collective voice of many someones, but a voice emanating from no one at all. — Benj Edwards Tags: benj-edwards, ai-personality,…