Tag: vulnerabilities
-
Embrace The Red: AgentHopper: An AI Virus Research Project
Source URL: https://embracethered.com/blog/posts/2025/agenthopper-a-poc-ai-virus/ Source: Embrace The Red Title: AgentHopper: An AI Virus Research Project Feedly Summary: As part of the Month of AI Bugs, serious vulnerabilities that allow remote code execution via indirect prompt injection were discovered. There was a period of a few weeks where multiple arbitrary code execution vulnerabilities existed in popular agents,…
-
The Cloudflare Blog: The crawl-to-click gap: Cloudflare data on AI bots, training, and referrals
Source URL: https://blog.cloudflare.com/crawlers-click-ai-bots-training/ Source: The Cloudflare Blog Title: The crawl-to-click gap: Cloudflare data on AI bots, training, and referrals Feedly Summary: By mid-2025, training drives nearly 80% of AI crawling, while referrals to publishers (especially from Google) are falling and crawl-to-refer ratios show AI consumes far more than it sends back. AI Summary and Description:…
-
The Register: GitHub engineer claims team was ‘coerced’ to put Grok into Copilot
Source URL: https://www.theregister.com/2025/08/29/github_deepens_ties_with_elon/ Source: The Register Title: GitHub engineer claims team was ‘coerced’ to put Grok into Copilot Feedly Summary: Platform’s staffer complains security review was ‘rushed’ Microsoft-owned collaborative coding platform GitHub is deepening its ties with Elon Musk’s xAI, bringing early access to the company’s Grok Code Fast 1 large language model (LLM) into…
-
The Register: Pentagon ends Microsoft’s use of China-based support staff for DoD cloud
Source URL: https://www.theregister.com/2025/08/29/pentagon_ends_microsofts_use_of/ Source: The Register Title: Pentagon ends Microsoft’s use of China-based support staff for DoD cloud Feedly Summary: ‘It blows my mind,’ says SecDef The Pentagon has formally kiboshed Microsoft’s use of China-based employees to support Azure cloud services deployed by US government agencies, and it’s demanding Microsoft do more of its own…
-
The Register: Enterprise password management outfit Passwordstate patches Emergency Access bug
Source URL: https://www.theregister.com/2025/08/29/enterprise_password_management_outfit_passwordstate/ Source: The Register Title: Enterprise password management outfit Passwordstate patches Emergency Access bug Feedly Summary: Up to 29,000 organizations and potentially 370,000 security and IT pros affected Australian development house Click Studios has warned users of its Passwordstate enterprise password management platform to update immediately if not sooner, following the discovery of…
-
Docker: Boost Your Copilot with SonarQube via Docker MCP Toolkit and Gateway
Source URL: https://www.docker.com/blog/blog-sonarqube-copilot-docker-mcp-toolkit/ Source: Docker Title: Boost Your Copilot with SonarQube via Docker MCP Toolkit and Gateway Feedly Summary: In the era of AI copilots and code generation tools productivity is skyrocketing, but so is the risk of insecure, untested, or messy code slipping into production. How do you ensure it doesn’t introduce vulnerabilities, bugs,…
-
Embrace The Red: Windsurf MCP Integration: Missing Security Controls Put Users at Risk
Source URL: https://embracethered.com/blog/posts/2025/windsurf-dangers-lack-of-security-controls-for-mcp-server-tool-invocation/ Source: Embrace The Red Title: Windsurf MCP Integration: Missing Security Controls Put Users at Risk Feedly Summary: Part of my default test cases for coding agents is to check how MCP integration looks like, especially if the agent can be configured to allow setting fine-grained controls for tools. Sometimes there are basic…