Experimental News Clipping Site

Tag: vulnerability

  • Slashdot: Apple Fixes Zero-Day Exploited In ‘Extremely Sophisticated’ Attacks

    by

    Kurt Seifried
    in

    Source URL: https://apple.slashdot.org/story/25/02/10/217213/apple-fixes-zero-day-exploited-in-extremely-sophisticated-attacks?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Apple Fixes Zero-Day Exploited In ‘Extremely Sophisticated’ Attacks Feedly Summary: AI Summary and Description: Yes Summary: Apple has issued urgent security updates for iOS 18.3.1 and iPadOS 18.3.1 to fix a critical zero-day vulnerability exploited in sophisticated targeted attacks. The flaw compromised the USB Restricted Mode, critical for data…

  • Hacker News: Kaspersky finds hardware backdoor in 5 generations of Apple Silicon (2024)

    by

    Kurt Seifried
    in

    Source URL: https://www.xstore.co.za/stuff/2024/01/kaspersky-finds-hardware-backdoor-in-5-generations-of-apple-silicon/ Source: Hacker News Title: Kaspersky finds hardware backdoor in 5 generations of Apple Silicon (2024) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant security concern regarding a hardware backdoor found in Apple’s silicon. Identified as CVE-2023-38606, this vulnerability reportedly affects five generations of Apple mobile CPUs,…

  • Embrace The Red: Hacking Gemini’s Memory with Prompt Injection and Delayed Tool Invocation

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/ Source: Embrace The Red Title: Hacking Gemini’s Memory with Prompt Injection and Delayed Tool Invocation Feedly Summary: Imagine your AI rewriting your personal history… A while ago Google added memories to Gemini. Memories allow Gemini to store user-related data across sessions, storing information in long-term memory. The feature is only available to…

  • Cisco Talos Blog: Small praise for modern compilers – A case of Ubuntu printing vulnerability that wasn’t

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/small-praise-for-modern-compilers-a-case-of-ubuntu-printing-vulnerability-that-wasnt/ Source: Cisco Talos Blog Title: Small praise for modern compilers – A case of Ubuntu printing vulnerability that wasn’t Feedly Summary: By Aleksandar NikolichEarlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention.…

  • The Cloudflare Blog: QUIC action: patching a broadcast address amplification vulnerability

    by

    Kurt Seifried
    in

    Source URL: https://blog.cloudflare.com/mitigating-broadcast-address-attack/ Source: The Cloudflare Blog Title: QUIC action: patching a broadcast address amplification vulnerability Feedly Summary: Cloudflare was recently contacted by researchers who discovered a broadcast amplification vulnerability through their QUIC Internet measurement research. We’ve implemented a mitigation. AI Summary and Description: Yes **Summary:** This text discusses a recently discovered vulnerability in Cloudflare’s…

  • The GenAI Bug Bounty Program | 0din.ai: The GenAI Bug Bounty Program

    by

    Kurt Seifried
    in

    Source URL: https://0din.ai/blog/odin-secures-the-future-of-ai-shopping Source: The GenAI Bug Bounty Program | 0din.ai Title: The GenAI Bug Bounty Program Feedly Summary: AI Summary and Description: Yes Summary: This text delves into a critical vulnerability uncovered in Amazon’s AI assistant, Rufus, focusing on how ASCII encoding allowed malicious requests to bypass existing guardrails. It emphasizes the need for…

  • Slashdot: How To Make Any AMD Zen CPU Always Generate 4 As a Random Number

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/02/09/2021244/how-to-make-any-amd-zen-cpu-always-generate-4-as-a-random-number?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: How To Make Any AMD Zen CPU Always Generate 4 As a Random Number Feedly Summary: AI Summary and Description: Yes Summary: Google security researchers have identified a vulnerability in AMD’s security architecture, allowing them to inject unofficial microcode into processors, which can compromise the integrity of virtual environments…

  • Hacker News: How (not) to sign a JSON object (2019)

    by

    Kurt Seifried
    in

    Source URL: https://www.latacora.com/blog/2019/07/24/how-not-to/ Source: Hacker News Title: How (not) to sign a JSON object (2019) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides a detailed examination of authentication methods, focusing on signing JSON objects and the complexities of canonicalization. It discusses both symmetric and asymmetric cryptographic methods, particularly emphasizing the strengths…

  • Slashdot: DeepSeek IOS App Sends Data Unencrypted To ByteDance-Controlled Servers

    by

    Kurt Seifried
    in

    Source URL: https://slashdot.org/story/25/02/08/0531202/deepseek-ios-app-sends-data-unencrypted-to-bytedance-controlled-servers?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: DeepSeek IOS App Sends Data Unencrypted To ByteDance-Controlled Servers Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a security vulnerability in the mobile application DeepSeek, which transmits sensitive data over unencrypted channels, raising significant security and privacy concerns. It highlights the implications of using infrastructure provided…