vigilance – Page 5 – Experimental News Clipping Site

Embrace The Red: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection

Aug 20, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/ Source: Embrace The Red Title: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead…

The Register: Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/19/apache_activemq_patch_malware/ Source: The Register Title: Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in Feedly Summary: Intruders hoped no one would notice their presence Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux…

The Register: Boffins say tool can sniff 5G traffic, launch ‘attacks’ without using rogue base stations

Aug 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/18/sni5gect/ Source: The Register Title: Boffins say tool can sniff 5G traffic, launch ‘attacks’ without using rogue base stations Feedly Summary: Sni5Gect research crew targets sweet spot during device / network handshake pause Security boffins have released an open source tool for poking holes in 5G mobile networks, claiming it can do up-…

Slashdot: Google’s ‘AI Overview’ Pointed Him to a Customer Service Number. It Was a Scam

Aug 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://yro.slashdot.org/story/25/08/18/0223228/googles-ai-overview-pointed-him-to-a-customer-service-number-it-was-a-scam?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google’s ‘AI Overview’ Pointed Him to a Customer Service Number. It Was a Scam Feedly Summary: AI Summary and Description: Yes Summary: The text highlights a fraudulent scheme involving AI-generated chatbots and search engine results that led a real estate developer to fall victim to a scam when searching…

Slashdot: Google’s ‘AI Overview’ Pointed Him to a Customer Number. It Was a Scam

Aug 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://yro.slashdot.org/story/25/08/18/0223228/googles-ai-overview-pointed-him-to-a-customer-number-it-was-a-scam?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google’s ‘AI Overview’ Pointed Him to a Customer Number. It Was a Scam Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a scam where a real estate developer was tricked into providing credit card information to an impersonator posing as a customer service representative for a…

Slashdot: Security Flaws In Carmaker’s Web Portal Let a Hacker Remotely Unlock Cars

Aug 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/08/17/0221251/security-flaws-in-carmakers-web-portal-let-a-hacker-remotely-unlock-cars?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Security Flaws In Carmaker’s Web Portal Let a Hacker Remotely Unlock Cars Feedly Summary: AI Summary and Description: Yes Summary: A security researcher discovered vulnerabilities in a car dealership portal that could expose personal information and allow remote access to cars. The issues highlight the critical importance of secure…

Embrace The Red: Data Exfiltration via Image Rendering Fixed in Amp Code

Aug 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amp-code-fixed-data-exfiltration-via-images/ Source: Embrace The Red Title: Data Exfiltration via Image Rendering Fixed in Amp Code Feedly Summary: In this post we discuss a vulnerability that was present in Amp Code from Sourcegraph by which an attacker could exploit markdown driven image rendering to exfiltrate sensitive information. This vulnerability is common in AI applications…

Embrace The Red: Amp Code: Invisible Prompt Injection Fixed by Sourcegraph

Aug 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amp-code-fixed-invisible-prompt-injection/ Source: Embrace The Red Title: Amp Code: Invisible Prompt Injection Fixed by Sourcegraph Feedly Summary: In this post we will look at Amp, a coding agent from Sourcegraph. The other day we discussed how invisible instructions impact Google Jules. Turns out that many client applications are vulnerable to these kinds of attacks…

Embrace The Red: Google Jules is Vulnerable To Invisible Prompt Injection

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/google-jules-invisible-prompt-injection/ Source: Embrace The Red Title: Google Jules is Vulnerable To Invisible Prompt Injection Feedly Summary: The latest Gemini models quite reliably interpret hidden Unicode Tag characters as instructions. This vulnerability, first reported to Google over a year ago, has not been mitigated at the model or API level, hence now affects all…

New York Times – Artificial Intelligence : La IA aumenta los riesgos de publicar las fotos de tus hijos en internet

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.nytimes.com/es/2025/08/15/espanol/negocios/ia-riesgos-fotos-hijos-internet.html Source: New York Times – Artificial Intelligence Title: La IA aumenta los riesgos de publicar las fotos de tus hijos en internet Feedly Summary: Las aplicaciones de inteligencia artificial que generan desnudos falsos, entre otros problemas de privacidad, hacen que compartir imágenes de tus hijos sea mucho más arriesgado que hace unos…

Tag: vigilance