vulnerabilities – Page 41 – Experimental News Clipping Site

The Register: Russia’s RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks

Aug 11, 2025

—

by

Source URL: https://www.theregister.com/2025/08/11/russias_romcom_among_those_exploiting/ Source: The Register Title: Russia’s RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks Feedly Summary: A few weeks earlier ‘zeroplayer’ advertised an $80K WinRAR 0-day exploit Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.… AI Summary and Description:…

The Register: Red teams are safe from robots for now, as AI makes better shield than spear

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/11/ai_security_offense_defense/ Source: The Register Title: Red teams are safe from robots for now, as AI makes better shield than spear Feedly Summary: The bad news? The machines, and their operators, are coming on fast Black Hat/DEF CON At the opening of Black Hat, the largest security shindig in the Hacker Summer Camp week…

Embrace The Red: Claude Code: Data Exfiltration with DNS Requests

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/ Source: Embrace The Red Title: Claude Code: Data Exfiltration with DNS Requests Feedly Summary: Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g.…

The Register: Deepfake detectors are slowly coming of age, at a time of dire need

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/11/deepfake_detectors_fraud/ Source: The Register Title: Deepfake detectors are slowly coming of age, at a time of dire need Feedly Summary: By video, picture, and voice – the fakers are coming for your money DEF CON While AI was on everyone’s lips in Las Vegas this week at the trio of security conferences in…

Unit 42: Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/ Source: Unit 42 Title: Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild Feedly Summary: CVE-2025-32433 allows for remote code execution in sshd for certain versions of Erlang programming language’s OTP. We reproduced this CVE and share our findings. The post Keys to the Kingdom: Erlang/OTP SSH…

Simon Willison’s Weblog: Chromium Docs: The Rule Of 2

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/11/the-rule-of-2/ Source: Simon Willison’s Weblog Title: Chromium Docs: The Rule Of 2 Feedly Summary: Chromium Docs: The Rule Of 2 Alex Russell pointed me to this principle in the Chromium security documentation as similar to my description of the lethal trifecta. First added in 2019, the Chromium guideline states: When you write code…

Slashdot: How Python is Fighting Open Source’s ‘Phantom’ Dependencies Problem

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://developers.slashdot.org/story/25/08/11/025214/how-python-is-fighting-open-sources-phantom-dependencies-problem?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: How Python is Fighting Open Source’s ‘Phantom’ Dependencies Problem Feedly Summary: AI Summary and Description: Yes Summary: The Python Software Foundation is addressing the “phantom dependencies” issue in software packages by introducing the Software Bill-of-Materials (SBOM) through Python Enhancement Proposal 770. This initiative enhances metadata accessibility, making it easier…

The Register: Trend Micro offers weak workaround for already-exploited critical vuln in management console

Aug 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/10/infosec_in_brief/ Source: The Register Title: Trend Micro offers weak workaround for already-exploited critical vuln in management console Feedly Summary: PLUS: Crypto mixer founders plead guilty; Another French telco hacked; Meta fights WhatsApp scams; And more! Infosec In Brief A critical vulnerability in the on-prem version of Trend Micro’s Apex One endpoint security platform…

Embrace The Red: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution

Aug 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/openhands-remote-code-execution-zombai/ Source: Embrace The Red Title: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution Feedly Summary: Today we have another post about OpenHands from All Hands AI. It is a popular agent, initially named “OpenDevin”, and recently the company also provides a cloud-based service. Which is all pretty cool and exciting. Prompt…

The Register: The inside story of the Telemessage saga, and how you can view the data

Aug 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/10/telemessage_archive_online/ Source: The Register Title: The inside story of the Telemessage saga, and how you can view the data Feedly Summary: It turns out no one was clean on OPSEC DEF CON On Saturday at DEF CON, security boffin Micah Lee explained just how he hacked into TeleMessage, the supposedly secure messaging app…

Tag: vulnerabilities