Experimental News Clipping Site

Tag: vigilance

  • The Register: Crims laud Claude to plant ransomware and fake IT expertise

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/27/anthropic_security_report_flags_rogue/ Source: The Register Title: Crims laud Claude to plant ransomware and fake IT expertise Feedly Summary: AI lowers the bar for cybercrime, Anthropic admits comment Anthropic, a maker of AI tools, says that AI tools are now commonly used to commit cybercrime and facilitate remote worker fraud.… AI Summary and Description: Yes…

  • Cisco Talos Blog: Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/libbiosig-tenda-sail-pdf-xchange-foxit-vulnerabilities/ Source: Cisco Talos Blog Title: Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader.The vulnerabilities mentioned in this blog…

  • The Register: Nx NPM packages poisoned in AI-assisted supply chain attack

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/27/nx_npm_supply_chain_attack/ Source: The Register Title: Nx NPM packages poisoned in AI-assisted supply chain attack Feedly Summary: Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM…

  • The Register: First AI-powered ransomware spotted, but it’s not active – yet

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/26/first_aipowered_ransomware_spotted_by/ Source: The Register Title: First AI-powered ransomware spotted, but it’s not active – yet Feedly Summary: Oh, look, a use case for OpenAI’s gpt-oss-20b model ESET malware researchers Anton Cherepanov and Peter Strycek have discovered what they describe as the “first known AI-powered ransomware," which they named PromptLock. … AI Summary and Description:…

  • Embrace The Red: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/aws-kiro-aribtrary-command-execution-with-indirect-prompt-injection/ Source: Embrace The Red Title: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection Feedly Summary: On the day AWS Kiro was released, I couldn’t resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt…

  • The Register: One long sentence is all it takes to make LLMs misbehave

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/26/breaking_llms_for_fun/ Source: The Register Title: One long sentence is all it takes to make LLMs misbehave Feedly Summary: Chatbots ignore their guardrails when your grammar sucks, researchers find Security researchers from Palo Alto Networks’ Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it’s…

  • Slashdot: FTC Warns Tech Giants Not To Bow To Foreign Pressure on Encryption

    by

    Kurt Seifried
    in

    Source URL: https://news.slashdot.org/story/25/08/25/1939221/ftc-warns-tech-giants-not-to-bow-to-foreign-pressure-on-encryption Source: Slashdot Title: FTC Warns Tech Giants Not To Bow To Foreign Pressure on Encryption Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a warning from the Federal Trade Commission (FTC) to U.S. tech companies against compliance with foreign government demands that could compromise data security, encryption, or lead…

  • Slashdot: FBI Warns Russian Hackers Targeted ‘Thousands’ of Critical US Infrastructure IT Systems

    by

    Kurt Seifried
    in

    Source URL: https://news.slashdot.org/story/25/08/24/0638238/fbi-warns-russian-hackers-targeted-thousands-of-critical-us-infrastructure-it-systems?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: FBI Warns Russian Hackers Targeted ‘Thousands’ of Critical US Infrastructure IT Systems Feedly Summary: AI Summary and Description: Yes Summary: The text outlines a significant security threat posed by Russian state-sponsored hackers targeting U.S. critical infrastructure through vulnerabilities in Cisco devices. The report emphasizes the risks posed by unpatched…

  • Embrace The Red: Sneaking Invisible Instructions by Developers in Windsurf

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/windsurf-sneaking-invisible-instructions-for-prompt-injection/ Source: Embrace The Red Title: Sneaking Invisible Instructions by Developers in Windsurf Feedly Summary: Imagine a malicious instruction hidden in plain sight, invisible to you but not to the AI. This is a vulnerability discovered in Windsurf Cascade, it follows invisible instructions. This means there can be instructions in a file or…