Tag: vulnerability

—

by

Source URL: https://simonwillison.net/2025/Sep/24/cross-agent-privilege-escalation/ Source: Simon Willison’s Weblog Title: Cross-Agent Privilege Escalation: When Agents Free Each Other Feedly Summary: Cross-Agent Privilege Escalation: When Agents Free Each Other Here’s a clever new form of AI exploit from Johann Rehberger, who has coined the term Cross-Agent Privilege Escalation to describe an attack where multiple coding agents – GitHub…

Embrace The Red: Cross-Agent Privilege Escalation: When Agents Free Each Other

—

by

Source URL: https://embracethered.com/blog/posts/2025/cross-agent-privilege-escalation-agents-that-free-each-other/ Source: Embrace The Red Title: Cross-Agent Privilege Escalation: When Agents Free Each Other Feedly Summary: During the Month of AI Bugs, I described an emerging vulnerability pattern that shows how commonly agentic systems have a design flaw that allows an agent to overwrite its own configuration and security settings. This allows the…

Microsoft Security Blog: Retail at risk: How one alert uncovered a persistent cyberthreat

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/09/24/retail-at-risk-how-one-alert-uncovered-a-persistent-cyberthreat/ Source: Microsoft Security Blog Title: Retail at risk: How one alert uncovered a persistent cyberthreat Feedly Summary: In the latest edition of our Cyberattack Series, we dive into real-world cases targeting retail organizations. With 60% of retail companies reporting operational disruptions from cyberattacks and 43% experiencing breaches in the past year, the stakes…

Slashdot: Microsoft Will Let Copilot Take Control of Your Browser, Navigate Tabs and Complete Tasks As You Watch

—

by

Source URL: https://tech.slashdot.org/story/25/09/24/141223/microsoft-will-let-copilot-take-control-of-your-browser-navigate-tabs-and-complete-tasks-as-you-watch?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Microsoft Will Let Copilot Take Control of Your Browser, Navigate Tabs and Complete Tasks As You Watch Feedly Summary: AI Summary and Description: Yes Summary: Microsoft is redefining its Edge browser by integrating AI capabilities through Copilot, enabling a more intuitive and automated browsing experience. This transformation raises important…

Cloud Blog: Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign/ Source: Cloud Blog Title: Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors Feedly Summary: Written by: Sarah Yoder, John Wolfram, Ashley Pearson, Doug Bienstock, Josh Madeley, Josh Murchie, Brad Slaybaugh, Matt Lin, Geoff Carstairs, Austin Larsen Introduction Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is…

The Register: Cybercriminals cash out with casino giant’s employee data

—

by

Source URL: https://www.theregister.com/2025/09/24/boyd_gaming_casino_breach/ Source: The Register Title: Cybercriminals cash out with casino giant’s employee data Feedly Summary: Attackers hit jackpot after targeting Boyd Gaming Hotel and casino operator Boyd Gaming has disclosed a cyberattack to US regulators, warning that hackers may have stolen personal information belonging to employees and other individuals.… AI Summary and Description:…

The Register: Third time’s the charm? SolarWinds (again) patches critical Web Help Desk RCE

Sep 23, 2025

—

by

Source URL: https://www.theregister.com/2025/09/23/solarwinds_patches_rce/ Source: The Register Title: Third time’s the charm? SolarWinds (again) patches critical Web Help Desk RCE Feedly Summary: Or maybe 3 strikes, you’re out? SolarWinds on Tuesday released a hotfix – again – for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could allow a remote, unauthenticated…

The Register: OnePlus leaves researchers on read over Android bug that exposes texts

Sep 23, 2025

—

by

Source URL: https://www.theregister.com/2025/09/23/rapid7_oneplus_android_bug/ Source: The Register Title: OnePlus leaves researchers on read over Android bug that exposes texts Feedly Summary: Rapid7 warns flaw could let any app peek at your SMS, but smartphone vendor won’t pick up Security researchers report that OnePlus smartphone users remain vulnerable to a critical bug that allows any application to…

Docker: MCP Horror Stories: The Drive-By Localhost Breach

Sep 23, 2025

—

by