vulnerability – Page 21 – Experimental News Clipping Site

Slashdot: Google Says Its AI-Based Bug Hunter Found 20 Security Vulnerabilities

Aug 9, 2025

—

by

Source URL: https://it.slashdot.org/story/25/08/09/1947230/google-says-its-ai-based-bug-hunter-found-20-security-vulnerabilities Source: Slashdot Title: Google Says Its AI-Based Bug Hunter Found 20 Security Vulnerabilities Feedly Summary: AI Summary and Description: Yes Summary: Google’s Big Sleep, an LLM-based vulnerability researcher, reported 20 vulnerabilities in popular open-source software, marking a significant advancement in automated vulnerability discovery. This highlights the increasing efficacy of AI tools in…

Cisco Talos Blog: ReVault! When your SoC turns against you… deep dive edition

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you-2/ Source: Cisco Talos Blog Title: ReVault! When your SoC turns against you… deep dive edition Feedly Summary: Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. AI Summary and Description: Yes **Summary:** The text conducts an in-depth analysis…

Simon Willison’s Weblog: When a Jira Ticket Can Steal Your Secrets

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/9/when-a-jira-ticket-can-steal-your-secrets/ Source: Simon Willison’s Weblog Title: When a Jira Ticket Can Steal Your Secrets Feedly Summary: When a Jira Ticket Can Steal Your Secrets Zenity Labs describe a classic lethal trifecta attack, this time against Cursor, MCP, Jira and Zendesk. They also have a short video demonstrating the issue. Zendesk support emails are…

Simon Willison’s Weblog: My Lethal Trifecta talk at the Bay Area AI Security Meetup

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/9/bay-area-ai/#atom-everything Source: Simon Willison’s Weblog Title: My Lethal Trifecta talk at the Bay Area AI Security Meetup Feedly Summary: I gave a talk on Wednesday at the Bay Area AI Security Meetup about prompt injection, the lethal trifecta and the challenges of securing systems that use MCP. It wasn’t recorded but I’ve created…

Slashdot: Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ For Enterprise

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/08/08/2113251/red-teams-jailbreak-gpt-5-with-ease-warn-its-nearly-unusable-for-enterprise?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ For Enterprise Feedly Summary: AI Summary and Description: Yes Summary: The text highlights significant security vulnerabilities in the newly released GPT-5 model, noting that it was easily jailbroken within a short timeframe. The results from different red teaming efforts…

The Register: Infosec hounds spot prompt injection vuln in Google Gemini apps

Aug 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/08/infosec_hounds_spot_prompt_injection/ Source: The Register Title: Infosec hounds spot prompt injection vuln in Google Gemini apps Feedly Summary: Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed Black hat A trio of researchers has disclosed a major prompt injection vulnerability in Google’s Gemini large…

Schneier on Security: Google Project Zero Changes Its Disclosure Policy

Aug 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/08/google-project-zero-changes-its-disclosure-policy.html Source: Schneier on Security Title: Google Project Zero Changes Its Disclosure Policy Feedly Summary: Google’s vulnerability finding team is again pushing the envelope of responsible disclosure: Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place,…

The Register: German security researchers say ‘Windows Hell No’ to Microsoft biometrics for biz

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/07/windows_hello_hell_no/ Source: The Register Title: German security researchers say ‘Windows Hell No’ to Microsoft biometrics for biz Feedly Summary: Hello loophole could let a rogue admin, or a pwned one, inject new facial scans Black Hat Microsoft is pushing hard for Windows users to shift from using passwords to its Hello biometrics system,…

Docker: MCP Horror Stories: The Supply Chain Attack

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/mcp-horror-stories-the-supply-chain-attack/ Source: Docker Title: MCP Horror Stories: The Supply Chain Attack Feedly Summary: This is Part 2 of our MCP Horror Stories series, an in-depth look at real-world security incidents exposing the vulnerabilities in AI infrastructure, and how the Docker MCP Toolkit delivers enterprise-grade protection. The Model Context Protocol (MCP) promised to be…

The Register: Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/07/microsoft_cisa_warn_yet_another/ Source: The Register Title: Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’ Feedly Summary: No reported in-the-wild exploits…yet Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange…

Tag: vulnerability