Infosec.Pub

As part of the Month of AI Bugs, serious vulnerabilities that allow remote code execution via indirect prompt injection were discovered. There was a period of a few weeks where multiple arbitrary code execution vulnerabilities existed in popular agents, like GitHub Copilot, Amazon Q, AWS Kiro,… During that time I was wondering if it would be possible to write an AI virus. Hence the idea of AgentHopper was born. This post is purely for educational purposes, and make sure to check the mitigations section at the end on tips to mitigate similar threats.

US and Dutch authorities shut down VerifTools, a major fake ID marketplace selling documents to bypass KYC checks and access accounts. Law enforcement in the US and the Netherlands dismantled VerifTools, a major fake ID marketplace selling ID documents to bypass KYC checks and gain unauthorized access to online accounts. Authorities seized two marketplace domains […]

Richard Bravo / Bloomberg: French President Emmanuel Macron vows a strong response if any country takes measures that undermine Europe's digital sovereignty  —  French President Emmanuel Macron vowed a strong response if any country takes measures that undermine Europe's digital sovereignty.

A court filing states that a government order against Apple would give it the capability to access communications and metadata of customers using the iCloud service anywhere in the world