Tag: vectors

—

by

Source URL: https://www.theregister.com/2025/08/27/nx_npm_supply_chain_attack/ Source: The Register Title: Nx NPM packages poisoned in AI-assisted supply chain attack Feedly Summary: Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM…

Tomasz Tunguz: The Second-Order Effects of AI

—

by

Source URL: https://www.tomtunguz.com/mdb-earnings-2025-08-27/ Source: Tomasz Tunguz Title: The Second-Order Effects of AI Feedly Summary: AI vendor revenue will double classic software in terms of new bookings this year. This trend is so large it’s starting to have second-order effects. MongoDB reported strong Q2 FY’26 results, delivering $591M in revenue with 24% year-over-year growth. AI is…

Embrace The Red: Cline: Vulnerable To Data Exfiltration And How To Protect Your Data

—

by

Source URL: https://embracethered.com/blog/posts/2025/cline-vulnerable-to-data-exfiltration/ Source: Embrace The Red Title: Cline: Vulnerable To Data Exfiltration And How To Protect Your Data Feedly Summary: Cline is quite a popular AI coding agent, according to the product website it has 2+ million downloads and over 47k stars on GitHub. Unfortunately, Cline is vulnerable to data exfiltration through the rendering…

Microsoft Security Blog: Storm-0501’s evolving techniques lead to cloud-based ransomware

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/ Source: Microsoft Security Blog Title: Storm-0501’s evolving techniques lead to cloud-based ransomware Feedly Summary: Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their primary objective has shifted…

Schneier on Security: We Are Still Unable to Secure LLMs from Malicious Inputs

—

by

Source URL: https://www.schneier.com/blog/archives/2025/08/we-are-still-unable-to-secure-llms-from-malicious-inputs.html Source: Schneier on Security Title: We Are Still Unable to Secure LLMs from Malicious Inputs Feedly Summary: Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own…

The Register: Uncle Sam speedruns AI chatbot adoption for federal workers

Aug 26, 2025

—

by

Source URL: https://www.theregister.com/2025/08/26/gsa_ai_chatbot_speedrun/ Source: The Register Title: Uncle Sam speedruns AI chatbot adoption for federal workers Feedly Summary: The GSA is letting AI chatbot makers jump the FedRAMP queue The US government wants more AI chatbots in fed employees’ hands, and its push to do so means that tech companies keen to provide other services…

Microsoft Security Blog: Securing and governing the rise of autonomous agents

Aug 26, 2025

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/26/securing-and-governing-the-rise-of-autonomous-agents/ Source: Microsoft Security Blog Title: Securing and governing the rise of autonomous agents Feedly Summary: Hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for Identity, Igor Sakhnov, about how to secure and govern autonomous agents. This blog is part of a new ongoing series where our Deputy…

Cloud Blog: Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats

Aug 25, 2025

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats/ Source: Cloud Blog Title: Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats Feedly Summary: Written by: Patrick Whitsell In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities…

Slashdot: Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts

Aug 22, 2025

—

by