Experimental News Clipping Site

Tag: vulnerability

  • Slashdot: Apple’s Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device

    by

    Kurt Seifried
    in

    Source URL: https://yro.slashdot.org/story/25/02/28/013227/apples-find-my-network-exploit-lets-hackers-silently-track-any-bluetooth-device?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Apple’s Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device Feedly Summary: AI Summary and Description: Yes Summary: Researchers have uncovered a critical vulnerability in Apple’s Find My network that allows attackers to secretly track Bluetooth devices, mimicking AirTag’s functionality. This exploit, termed “nRootTag,” boasts a 90%…

  • Schneier on Security: “Emergent Misalignment” in LLMs

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/02/emergent-misalignment-in-llms.html Source: Schneier on Security Title: “Emergent Misalignment” in LLMs Feedly Summary: Interesting research: “Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs“: Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model…

  • The Register: Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/27/wallbleed_vulnerability_great_firewall/ Source: The Register Title: Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time Feedly Summary: Boffins poked around inside censorship engines for years before Beijing patched hole Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for…

  • The Register: Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/26/qualcomm_android_support/ Source: The Register Title: Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) Feedly Summary: Starting with Snapdragon 8 Elite and ‘droid 15 It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said…

  • Hacker News: Exposed GitHub repos, now private, can be accessed through Copilot

    by

    Kurt Seifried
    in

    Source URL: https://techcrunch.com/2025/02/26/thousands-of-exposed-github-repos-now-private-can-still-be-accessed-through-copilot/ Source: Hacker News Title: Exposed GitHub repos, now private, can be accessed through Copilot Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the risks associated with data exposure in generative AI systems, particularly focusing on Microsoft Copilot’s ability to access previously public data from GitHub repositories, even after…

  • Anchore: Effortless SBOM Analysis: How Anchore Enterprise Simplifies Integration

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/effortless-sbom-analysis-how-anchore-enterprise-simplifies-integration/ Source: Anchore Title: Effortless SBOM Analysis: How Anchore Enterprise Simplifies Integration Feedly Summary: As software supply chain security becomes a top priority, organizations are turning to Software Bill of Materials (SBOM) generation and analysis to gain visibility into the composition of their software and supply chain dependencies in order to reduce risk.…

  • Simon Willison’s Weblog: Quoting Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Feb/25/emergent-misalignment/ Source: Simon Willison’s Weblog Title: Quoting Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs Feedly Summary: In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts…

  • The Register: MITRE Caldera security suite scores perfect 10 for insecurity

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/25/10_bug_mitre_caldera/ Source: The Register Title: MITRE Caldera security suite scores perfect 10 for insecurity Feedly Summary: Is a trivial remote-code execution hole in every version part of the training, or? The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to…

  • Hacker News: Hard problems that reduce to document ranking

    by

    Kurt Seifried
    in

    Source URL: https://noperator.dev/posts/document-ranking-for-complex-problems/ Source: Hacker News Title: Hard problems that reduce to document ranking Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the innovative application of large language models (LLMs) in document ranking, particularly for locating vulnerabilities in code patches. It presents a novel approach to addressing complex security problems by…

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/02/25/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability Users and administrators are also encouraged…