Tag: vigilance

Source URL: https://www.theregister.com/2025/08/22/firefox_142/ Source: The Register Title: Saved you a click: Firefox 142 offers AI summaries of links Feedly Summary: CRLite, link previews, and a llama-shaped surprise for devs Good news, everyone! The new version of Mozilla’s browser now makes even more extensive use of AI, providing summaries of linked content and offering developers the…

The Register: Microsoft reportedly cuts China’s early access to bug disclosures, PoC exploit code

—

by

Source URL: https://www.theregister.com/2025/08/21/microsoft_cuts_chinas_early_access/ Source: The Register Title: Microsoft reportedly cuts China’s early access to bug disclosures, PoC exploit code Feedly Summary: Better late than never after SharePoint assault? Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month’s SharePoint zero-day attacks, which appear to be related to a leak…

The Register: Honey, I shrunk the image and now I’m pwned

—

by

Source URL: https://www.theregister.com/2025/08/21/google_gemini_image_scaling_attack/ Source: The Register Title: Honey, I shrunk the image and now I’m pwned Feedly Summary: Google’s Gemini-powered tools tripped up by image-scaling prompt injection Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge…

The Register: Orange Belgium mega-breach exposes 850K customers to serious fraud

—

by

Source URL: https://www.theregister.com/2025/08/21/orange_belgium_breach/ Source: The Register Title: Orange Belgium mega-breach exposes 850K customers to serious fraud Feedly Summary: Everything a criminal needs for targeted attacks exposed, but telco insists ‘no critical data compromised’ A significant data theft at Orange Belgium has opened hundreds of thousands of its customers to serious cybersecurity risks.… AI Summary and…

The Register: Google yet to take down ‘screenshot-grabbing’ Chrome VPN extension

—

by

Source URL: https://www.theregister.com/2025/08/21/freevpn_privacy_research/ Source: The Register Title: Google yet to take down ‘screenshot-grabbing’ Chrome VPN extension Feedly Summary: Researcher claims extension didn’t start out by exfiltrating info… while dev says its actions are ‘compliant’ Security boffins at Koi Security have warned of a shift in behavior of a popular Chrome VPN extension, FreeVPN.One, which recently…

Unit 42: Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth

—

by

Source URL: https://unit42.paloaltonetworks.com/attackers-sell-your-bandwidth-using-sdks/ Source: Unit 42 Title: Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth Feedly Summary: A campaign leverages CVE-2024-36401 to stealthily monetize victims’ bandwidth where legitimate software development kits (SDKs) are deployed for passive income. The post Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth…

The Register: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

Aug 20, 2025

—

by

Source URL: https://www.theregister.com/2025/08/20/amazon_quietly_fixed_q_developer_flaws/ Source: The Register Title: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Feedly Summary: Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to…

The Register: Perplexity’s Comet browser naively processed pages with evil instructions

Aug 20, 2025

—

by

Source URL: https://www.theregister.com/2025/08/20/perplexity_comet_browser_prompt_injection/ Source: The Register Title: Perplexity’s Comet browser naively processed pages with evil instructions Feedly Summary: Rival Brave flags prompt injection vulnerability, now patched To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea.… AI Summary and Description: Yes Summary: The text discusses a recently…

Cisco Talos Blog: Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices

Aug 20, 2025

—

by