Tag: vigilance

  • The Register: Nx NPM packages poisoned in AI-assisted supply chain attack

    Source URL: https://www.theregister.com/2025/08/27/nx_npm_supply_chain_attack/
    Source: The Register
    Title: Nx NPM packages poisoned in AI-assisted supply chain attack
    Feedly Summary: Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon. Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM…

  • The Register: First AI-powered ransomware spotted, but it’s not active – yet

    Source URL: https://www.theregister.com/2025/08/26/first_aipowered_ransomware_spotted_by/
    Source: The Register
    Title: First AI-powered ransomware spotted, but it’s not active – yet
    Feedly Summary: Oh, look, a use case for OpenAI’s gpt-oss-20b model. ESET malware researchers Anton Cherepanov and Peter Strycek have discovered what they describe as the “first known AI-powered ransomware,” which they named PromptLock. …
    AI Summary and Description:…

  • Embrace The Red: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection

    Source URL: https://embracethered.com/blog/posts/2025/aws-kiro-aribtrary-command-execution-with-indirect-prompt-injection/
    Source: Embrace The Red
    Title: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection
    Feedly Summary: On the day AWS Kiro was released, I couldn’t resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt…

  • The Register: One long sentence is all it takes to make LLMs misbehave

    Source URL: https://www.theregister.com/2025/08/26/breaking_llms_for_fun/
    Source: The Register
    Title: One long sentence is all it takes to make LLMs misbehave
    Feedly Summary: Chatbots ignore their guardrails when your grammar sucks, researchers find. Security researchers from Palo Alto Networks’ Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it’s…

  • Slashdot: FTC Warns Tech Giants Not To Bow To Foreign Pressure on Encryption

    Source URL: https://news.slashdot.org/story/25/08/25/1939221/ftc-warns-tech-giants-not-to-bow-to-foreign-pressure-on-encryption
    Source: Slashdot
    Title: FTC Warns Tech Giants Not To Bow To Foreign Pressure on Encryption
    AI Summary and Description: Yes
    Summary: The text discusses a warning from the Federal Trade Commission (FTC) to U.S. tech companies against compliance with foreign government demands that could compromise data security, encryption, or lead…

  • Slashdot: FBI Warns Russian Hackers Targeted ‘Thousands’ of Critical US Infrastructure IT Systems

    Source URL: https://news.slashdot.org/story/25/08/24/0638238/fbi-warns-russian-hackers-targeted-thousands-of-critical-us-infrastructure-it-systems?utm_source=rss1.0mainlinkanon&utm_medium=feed
    Source: Slashdot
    Title: FBI Warns Russian Hackers Targeted ‘Thousands’ of Critical US Infrastructure IT Systems
    AI Summary and Description: Yes
    Summary: The text outlines a significant security threat posed by Russian state-sponsored hackers targeting U.S. critical infrastructure through vulnerabilities in Cisco devices. The report emphasizes the risks posed by unpatched…

  • Embrace The Red: Sneaking Invisible Instructions by Developers in Windsurf

    Source URL: https://embracethered.com/blog/posts/2025/windsurf-sneaking-invisible-instructions-for-prompt-injection/
    Source: Embrace The Red
    Title: Sneaking Invisible Instructions by Developers in Windsurf
    Feedly Summary: Imagine a malicious instruction hidden in plain sight, invisible to you but not to the AI. This is a vulnerability discovered in Windsurf Cascade: it follows invisible instructions. This means there can be instructions in a file or…

  • Slashdot: Nvidia Release Massive AI-Ready Open European Language Dataset and Tools

    Source URL: https://hardware.slashdot.org/story/25/08/23/1731237/nvidia-release-massive-ai-ready-open-european-language-dataset-and-tools
    Source: Slashdot
    Title: Nvidia Release Massive AI-Ready Open European Language Dataset and Tools
    AI Summary and Description: Yes
    Summary: Nvidia has launched Granary, an extensive open-source dataset that significantly enhances AI translation capabilities for European languages. This initiative, alongside new AI models Canary and Parakeet, aims to improve the inclusivity…

  • The Register: Saved you a click: Firefox 142 offers AI summaries of links

    Source URL: https://www.theregister.com/2025/08/22/firefox_142/
    Source: The Register
    Title: Saved you a click: Firefox 142 offers AI summaries of links
    Feedly Summary: CRLite, link previews, and a llama-shaped surprise for devs. Good news, everyone! The new version of Mozilla’s browser now makes even more extensive use of AI, providing summaries of linked content and offering developers the…