Tag: vulnerability
-
The Register: Secure chat darling Matrix admits pair of ‘high severity’ protocol flaws need painful fixes
Source URL: https://www.theregister.com/2025/08/13/secure_chat_darling_matrix_admits/ Source: The Register Title: Secure chat darling Matrix admits pair of ‘high severity’ protocol flaws need painful fixes Feedly Summary: Foundation warns federated servers face biggest risk, but single-instance users can take their time The maintainers of the federated secure chat protocol Matrix are warning users of a pair of “high severity…
-
Embrace The Red: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
Source URL: https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/ Source: Embrace The Red Title: GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) Feedly Summary: This post is about an important, but also scary, prompt injection discovery that leads to full system compromise of the developer’s machine in GitHub Copilot and VS Code. It is achieved by placing Copilot into YOLO…
-
Cisco Talos Blog: Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
Source URL: https://blog.talosintelligence.com/microsoft-patch-tuesday-august-2025/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities Feedly Summary: Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”. In this month’s release, Microsoft observed none of…
-
Google Online Security Blog: Android’s pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Source URL: http://security.googleblog.com/2025/08/Android-pKVM-Certified-SESIP-Level-5.html Source: Google Online Security Blog Title: Android’s pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification Feedly Summary: AI Summary and Description: Yes Summary: The announcement about the pKVM achieving SESIP Level 5 certification marks a significant advancement in open-source security for consumer electronics, particularly in supporting…
-
The Register: Russia’s RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks
Source URL: https://www.theregister.com/2025/08/11/russias_romcom_among_those_exploiting/ Source: The Register Title: Russia’s RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks Feedly Summary: A few weeks earlier ‘zeroplayer’ advertised an $80K WinRAR 0-day exploit Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.… AI Summary and Description:…
-
Embrace The Red: Claude Code: Data Exfiltration with DNS Requests
Source URL: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/ Source: Embrace The Red Title: Claude Code: Data Exfiltration with DNS Requests Feedly Summary: Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g.…
-
Embrace The Red: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution
Source URL: https://embracethered.com/blog/posts/2025/openhands-remote-code-execution-zombai/ Source: Embrace The Red Title: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution Feedly Summary: Today we have another post about OpenHands from All Hands AI. It is a popular agent, initially named “OpenDevin”, and recently the company also provides a cloud-based service. Which is all pretty cool and exciting. Prompt…