Tag: verification mechanisms
-
Microsoft Security Blog: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/ Source: Microsoft Security Blog Title: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Feedly Summary: Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. We are publishing this…
-
Slashdot: Microsoft Says AI Can Create ‘Zero Day’ Threats In Biology
Source URL: https://science.slashdot.org/story/25/10/02/2335217/microsoft-says-ai-can-create-zero-day-threats-in-biology?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Microsoft Says AI Can Create ‘Zero Day’ Threats In Biology Feedly Summary: AI Summary and Description: Yes Summary: Microsoft’s team has identified a significant vulnerability in biosecurity systems using AI, highlighting the dual-use capabilities of generative AI in potentially enabling bioweapons development. This discovery emphasizes the urgent need for…
-
The Register: One line of malicious npm code led to massive Postmark email heist
Source URL: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/ Source: The Register Title: One line of malicious npm code led to massive Postmark email heist Feedly Summary: MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark’s MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding…
-
Slashdot: Google’s ‘AI Overview’ Pointed Him to a Customer Number. It Was a Scam
Source URL: https://yro.slashdot.org/story/25/08/18/0223228/googles-ai-overview-pointed-him-to-a-customer-number-it-was-a-scam?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google’s ‘AI Overview’ Pointed Him to a Customer Number. It Was a Scam Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a scam where a real estate developer was tricked into providing credit card information to an impersonator posing as a customer service representative for a…
-
Slashdot: Mozilla Adapts ‘Fakespot’ Into an AI-Detecting Firefox Add-on
Source URL: https://news.slashdot.org/story/25/02/02/2156241/mozilla-adapts-fakespot-into-an-ai-detecting-firefox-add-on?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Mozilla Adapts ‘Fakespot’ Into an AI-Detecting Firefox Add-on Feedly Summary: AI Summary and Description: Yes Summary: Mozilla’s Fakespot Deepfake Detector is a free Firefox add-on that identifies whether online text is generated by AI or written by a human. This tool employs Mozilla’s proprietary engine and promises to enhance…
-
Simon Willison’s Weblog: Trading Inference-Time Compute for Adversarial Robustness
Source URL: https://simonwillison.net/2025/Jan/22/trading-inference-time-compute/ Source: Simon Willison’s Weblog Title: Trading Inference-Time Compute for Adversarial Robustness Feedly Summary: Trading Inference-Time Compute for Adversarial Robustness Brand new research paper from OpenAI, exploring how inference-scaling “reasoning" models such as o1 might impact the search for improved security with respect to things like prompt injection. We conduct experiments on the…