This posting is here to collect cyber security news in August 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in August 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
251 Comments
Tomi Engdahl says:
https://www.phoronix.com/news/Linux-ASI-Lower-Overhead
Tomi Engdahl says:
https://cybersecuritynews.com/soupdealer-malware-bypasses-every-sandbox/
Tomi Engdahl says:
Microsoft Dissects PipeMagic Modular Backdoor
https://www.securityweek.com/microsoft-dissects-pipemagic-modular-backdoor/
PipeMagic, which poses as a ChatGPT application, is a modular malware framework that provides persistent access and flexibility.
Microsoft has delved into the inner workings of PipeMagic, a modular backdoor used in multiple ransomware attacks since the beginning of this year.
Posing as a legitimate open source ChatGPT Desktop Application, PipeMagic is a sophisticated malware framework that provides attackers with persistent access to the compromised system.
The backdoor uses modules for its various capabilities, such as command-and-control (C&C) communication, and is able to dynamically execute payloads and provide the attackers with granular control over code execution, Microsoft explains.
“By offloading network communication and backdoor tasks to discrete modules, PipeMagic maintains a modular, stealthy, and highly extensible architecture, making detection and analysis significantly challenging,” the company notes.
Tomi Engdahl says:
Data Breaches
1.1 Million Unique Records Identified in Allianz Life Data Leak
https://www.securityweek.com/1-1-million-unique-records-identified-in-allianz-life-data-leak/
Have I Been Pwned has analyzed the information made public by the hackers who recently targeted Allianz Life.
Tomi Engdahl says:
https://www.securityweek.com/australias-tpg-telecom-investigating-iinet-hack/
Tomi Engdahl says:
Gabbard Says UK Scraps Demand for Apple to Give Backdoor Access to Data
Britain abandoned its demand that Apple provide backdoor access to any encrypted user data stored in the cloud.
https://www.securityweek.com/gabbard-says-uk-scraps-demand-for-apple-to-give-backdoor-access-to-data/
Tomi Engdahl says:
https://www.securityweek.com/gambling-tech-firm-bragg-discloses-cyberattack/
Tomi Engdahl says:
Hacktivist Sentenced to 20 Months of Prison in UK
https://www.securityweek.com/hacktivist-sentenced-to-20-months-of-prison-in-uk/
Al-Tahery Al-Mashriky of the Yemen Cyber Army has been accused of hacking into and defacing many websites as part of hacktivist campaigns.
Tomi Engdahl says:
https://www.securityweek.com/new-exploit-poses-threat-to-sap-netweaver-instances/
Tomi Engdahl says:
New Research Links VPN Apps, Highlights Security Deficiencies
https://www.securityweek.com/new-research-links-vpn-apps-highlights-security-deficiencies/
Citizen Lab has identified links between multiple VPN providers, and multiple security weaknesses in their mobile applications.
Nearly two dozen VPN applications in Google Play contain security weaknesses impacting the privacy of their users, exposing transmitted data to decryption, a new Citizen Lab report shows.
Furthermore, the VPN providers that offer these applications can be linked to one another, although they claim to be separate entities and use various means to hide their true identities.
Starting from previous reports linking Innovative Connecting, Autumn Breeze, and Lemon Clove, three VPN providers claiming to be based in Singapore, to a Chinese national, Citizen Lab’s analysis identified additional connections between their applications, and linked other VPN apps and their providers.
According to Citizen Lab’s report (PDF), eight VPN applications from Innovative Connecting, Autumn Breeze, and Lemon Clove share code, dependencies, and hardcoded passwords, potentially allowing attackers to decrypt the traffic of their users. These apps have over 380 million combined downloads in Google Play.
Tomi Engdahl says:
https://www.securityweek.com/help-desk-at-risk-scattered-spider-shines-light-on-overlook-threat-vector/
Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector
As attackers target help desks and identity systems, traditional security perimeters are proving insufficient against agile, socially-engineered threats.
Tomi Engdahl says:
Robert McMillan / Wall Street Journal:
Federal prosecutors charge an Oregon man with operating the Rapper Bot, one of the most powerful DDoS botnets ever seen, which knocked X offline earlier in 2025 — The Rapper Bot network knocked out Elon Musk’s X social-media site earlier this year, cybersecurity researchers say
Oregon Man Accused of Operating One of Most Powerful Attack ‘Botnets’ Ever Seen
The Rapper Bot network knocked out Elon Musk’s X social-media site earlier this year, cybersecurity researchers say
https://www.wsj.com/tech/oregon-man-accused-of-operating-one-of-most-powerful-attack-botnets-ever-seen-380b2caf?st=TeAk2p&reflink=desktopwebshare_permalink
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17794-microsoftin-copilotista-loeytyi-vakava-haavoittuvuus
Microsoftin 365 Copilotista paljastui kesällä vakava EchoLeak-haavoittuvuus, mutta yhtiö on jo paikannut sen. Kyseessä oli niin sanottu zero-click-tyyppinen hyökkäys, joka mahdollisti yritysten arkaluontoisen tiedon vuotamisen ilman käyttäjän minkäänlaista toimintaa.
Haavoittuvuuden löysi alun perin israelilainen kyberturvayhtiö AIM Security, ja sen laajempia vaikutuksia on sittemmin arvioinut muun muassa tietoturvayhtiö Check Pointin tutkimuslaitos. Haavoittuvuus tunnetaan tunnuksella CVE-2025-32711 ja lempinimellä EchoLeak.
Tomi Engdahl says:
https://www.securityweek.com/high-severity-vulnerabilities-patched-in-chrome-firefox/
Tomi Engdahl says:
Vulnerabilities
Intel Employee Data Exposed by Vulnerabilities
A researcher said he found vulnerable internal services that exposed the information of 270,000 Intel employees.
https://www.securityweek.com/intel-employee-data-exposed-by-vulnerabilities/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17799-varo-verkkokauppojen-halpoja-reitittimiae
Share on Facebook Share on Twitter Share on LinkedIn
Varo verkkokauppojen halpoja reitittimiä
Julkaistu: 20.08.2025
Devices Networks
Kuituoperaattori Valoo varoittaa halpakaupoista ostetuista verkkolaitteista: ne voivat vaarantaa koko kotiverkon tietoturvan. Yhä useammin ulkomaisista verkkokaupoista hankitut reitittimet, digiboksit ja valvontakamerat osoittautuvat ongelmallisiksi. Pahimmillaan internetyhteys joudutaan katkaisemaan, jos laite saastuu ja alkaa osallistua kyberrikollisten hyökkäyksiin.
Myös asiantuntijat muistuttavat, ettei ongelma rajoitu vain kiinalaisiin verkkokauppoihin. Etteplanin myyntijohtaja Antti Tolvanen huomauttaa, että halpoja ja suojaamattomia laitteita voi päätyä markkinoille monenlaisten nettikanavien kautta, myös Euroopasta käsin.
- RED 3(3)def -direktiivin uudet vaatimukset pyrkivät parantamaan tilannetta, mutta esimerkiksi kiinalaiset toimijat eivät välitä EU:n säännöksistä. Silti tärkein ohje on yksinkertainen: hanki verkkolaite uskottavalta EU/ETA-toimijalta, esimerkiksi operaattorilta, Tolvanen sanoo.
Jos verkkokaupan kautta tilattu laite ei täytä säädöksiä, radiolain mukaan vastuu on lähtökohtaisesti myyjällä. Käyttäjälle ei ole säädetty rangaistuksia laitteen käytöstä, mutta hän voi silti menettää nettiyhteytensä, jos operaattori joutuu sulkemaan sen.
– Emme tee tätä kiusallamme, vaan asiakkaan eduksi. Yhteys avataan, kun laite on turvassa, Kim Heikkinen sanoo.
Tomi Engdahl says:
https://hackaday.com/2025/08/20/death-of-the-cheque-australia-moves-on/
Tomi Engdahl says:
Europol Says Qilin Ransomware Reward Fake
A $50,000 reward from Europol for two members of the Qilin ransomware group is a ‘scam’, according to the law enforcement agency.
https://www.securityweek.com/europol-says-qilin-ransomware-reward-fake/
Tomi Engdahl says:
GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models
Instead of GPT-5 Pro, your query could be quietly redirected to an older, weaker model, opening the door to jailbreaks, hallucinations, and unsafe outputs.
https://www.securityweek.com/gpt-5-has-a-vulnerability-it-may-not-be-gpt-5-answering-your-call/
Tomi Engdahl says:
Slow and Steady Security: Lessons from the Tortoise and the Hare
By focusing on fundamentals, enterprises can avoid the distraction of hype and build security programs that are consistent, resilient, and effective over the long run.
https://www.securityweek.com/slow-and-steady-security-lessons-from-the-tortoise-and-the-hare/
Tomi Engdahl says:
Elastic Refutes Claims of Zero-Day in EDR Product
Elastic has found no evidence of a vulnerability leading to RCE after details and PoC of a Defend EDR bypass were published online.
https://www.securityweek.com/elastic-refutes-claims-of-zero-day-in-edr-product/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2025/08/21/sahkoautojen-latausinfrassa-voi-piilla-kyberuhkia/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17804-tietojen-kalastelusta-on-tullut-ammattimaista-palvelua
Tomi Engdahl says:
Wi-Fi tunnistaa henkilön ilman kameraa
https://etn.fi/index.php/13-news/17803-wi-fi-tunnistaa-henkiloen-ilman-kameraa
Rooman Sapienza-yliopiston tutkijat ovat kehittäneet WhoFi-järjestelmän, joka kykenee tunnistamaan ihmiset ilman kameraa pelkästään Wi-Fi-signaalien avulla. Ratkaisu hyödyntää langattomien reitittimien tuottamaa Channel State Information (CSI) -dataa, joka sisältää yksilöllisiä piirteitä ihmisen kehon rakenteesta, liikkeistä ja jopa sisäisestä koostumuksesta.
Käytännössä Wi-Fi-signaalin kulku vääristyy eri tavoin riippuen siitä, kuka sen tiellä liikkuu – ja tämä vääristymä toimii henkilön ainutlaatuisena “radiobiometrisena allekirjoituksena”.
Tomi Engdahl says:
Nathaniel Mott / Tom’s Hardware:
GFW Report: on August 20, China’s Great Firewall blocked all TCP port 443 traffic, used for HTTPS, for ~74 minutes, an unusual move; the cause may be accidental
China’s Great Firewall blocked all traffic to a common HTTPS port for over an hour, severing connection to the outside world — with no hint as to its intention
News
By Nathaniel Mott published 21 hours ago
The cause of the incident could be intentional or accidental
https://www.tomshardware.com/tech-industry/cyber-security/chinas-great-firewall-blocked-all-traffic-to-a-common-https-port-for-over-an-hour-with-no-hint-as-to-its-intention
Tomi Engdahl says:
Turning Human Vulnerability Into Organizational Strength
Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls.
https://www.darkreading.com/vulnerabilities-threats/human-vulnerability-organizational-strength
Tomi Engdahl says:
https://www.cnx-software.com/2025/08/08/disruptorx-v2-an-esp32-based-ble-penetration-testing-device-with-sour-apple-exploit-mode/
Tomi Engdahl says:
https://www.forbes.com/sites/zakdoffman/2025/08/16/microsoft-issues-free-update-offer-to-millions-of-windows-users/
Tomi Engdahl says:
https://cybernews.com/security/featured-chrome-vpn-cought-spying-on-users/
Tomi Engdahl says:
FBI warns of Russian hacks targeting US critical infrastructure
https://www.reuters.com/world/us/fbi-warns-russian-hacks-targeting-us-critical-infrastructure-2025-08-20/
Tomi Engdahl says:
China’s Great Firewall blocked all traffic to a common HTTPS port for over an hour, severing connection to the outside world — with no hint as to its intention
News
By Nathaniel Mott published 2 days ago
The cause of the incident could be intentional or accidental
https://www.tomshardware.com/tech-industry/cyber-security/chinas-great-firewall-blocked-all-traffic-to-a-common-https-port-for-over-an-hour-with-no-hint-as-to-its-intention
Tomi Engdahl says:
China cut itself off from the global internet for an hour on Wednesday
Great Firewall took out all traffic to port 443 at a time Beijing didn’t have an obvious need to keep its netizens in the dark
https://www.theregister.com/2025/08/21/china_port_443_block_outage/
Tomi Engdahl says:
https://cybersecuritynews.com/windows-remote-desktop-services-vulnerability-deny/#google_vignette
Tomi Engdahl says:
Windows lets anyone on your WiFi hijack your connection with IPv6
https://cybernews.com/security/hackers-can-abuse-ipv6-to-hijack-networks/
A dormant IPv6 feature is a backdoor for Windows attackers, security researchers warn. Enabled by default, if unused and left unchecked, it can lead to a complete domain compromise.
IPv6 might not be widely used, but Windows enables it by default and prioritizes it over the older IPv4 version, which has very serious security repercussions.
If hackers have access to a single device on the network, even an IoT one, they can transform it into a fake configuration and DNS server. Windows computers will trust and prefer malicious instructions over the existing IPv4 configuration.
Tomi Engdahl says:
https://www.lightreading.com/open-ran/researchers-recap-some-security-downsides-to-open-ran
Tomi Engdahl says:
Multiple Critical Flaws Hit Zero Trust Products from Check Point, Zscaler, and Netskope
https://gbhackers.com/multiple-critical-flaws-hit-zero-trust-products/#google_vignette
Tomi Engdahl says:
https://blog.trailofbits.com/2025/08/08/buttercup-is-now-open-source/
Tomi Engdahl says:
Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands
https://cybersecuritynews.com/flipper-zero-darkweb-firmware/#google_vignette
A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft.
Demonstrations by the YouTube channel “Talking Sasquach” reveal that the firmware, said to be circulating on the dark web, can clone a vehicle’s keyfob with just a single, brief signal capture.
Tomi Engdahl says:
“Consider the dropping of literally every bit of personal info you have… as a warning for people in the future.” https://trib.al/S4ODTvO
Man’s Entire Life Destroyed After Downloading AI Software
https://futurism.com/the-byte/life-destroyed-ai?fbclid=IwQ0xDSwMXmpVjbGNrAxeaVWV4dG4DYWVtAjExAAEetxCKpwZU-LDsdUhEbIcw-qCqNaHmm__qQGHo7BAqA9MDj98Lrs8_OJP2E1w_aem_F_keaXi_ug8u0DLjr_Dovw
“It’s impossible to convey the sense of violation.”
Last February, Disney employee Matthew Van Andel downloaded what seemed like a helpful AI tool from the developer site GitHub.
Little did he know that the decision would totally upend his life — resulting in everything from his credit cards to social security number being leaked to losing his job, as the Wall Street Journal reports.
The software, an AI image generator, worked as advertised. But embedded into its files was a piece of malware, which a tenacious hacker used to probe Van Andel’s password manager. Van Andel found out after the hacker, going by the name “Nullbulge,” sent him an ominous message on Discord, a chat and VoIP platform popular with gamers.
That’s what alerted him that this wasn’t your typical spam message. In followup emails, the hacker threatened that if Van Andel didn’t give into their demands, he’d “end up on the net.”
The next day, the hacker used Van Andel’s work credentials to perpetrate a massive data leak at Disney, dumping everything from private customer info to internal revenue numbers online. Van Andel’s personal info was caught in the mix, including financial accounts — suddenly barraged with unsolicited bills — his social media, and even his children’s Roblox logins.
In a blog post, the hacker gloated about the attack, naming Van Andel.
“1.1 terabytes of data, almost 10,000 channels, every message file possible, dumped,” wrote Nullbulge, per a WSJ screenshot. “We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special Matthew J Van Andel!”
“Consider the dropping of literally every bit of personal info you have… as a warning for people in the future,” the hacker added.
Van Andel claims that he immediately contacted Disney’s cybersecurity “fire team” after he received the threats from the hacker. Their investigation found nothing on his work computer, but they recommended Van Andel run a thorough check on his personal desktop.
An anti-virus scan turned up the malware. But at that point, it was too late. The hacker had already gleaned enough to leak Disney’s data and ruin Van Andel’s life.
Van Andel knew the only way the hacker could have gained such extensive access was through his password manager, 1Password. It turned out that Van Andel had failed to secure the software with two-factor authentication. The hacker likely emplaced a keylogging Trojan virus on his home computer via the AI tool, at which point they’d have “nearly unrestricted access,” a 1Password spokesman told WSJ.
Eleven days after the leak, Disney called Van Andel to tell him he was fired, depriving him of about $200,000 in bonuses and his family’s healthcare. The company claimed that it found evidence that he’d accessed pornographic material on his work computer — claims that Van Andel firmly denies.
“I’m the one who got hacked,”
Tomi Engdahl says:
That wasn’t because of “AI” at all, it was because some guy downloaded sketchy software off GitHub that had malware baked into it. The whole thing was designed to steal personal info. That’s why it happened, not because he told an AI his secrets. The headline’s just clickbait.
Tomi Engdahl says:
xAI made people’s conversations with its chatbot public and searchable on Google without warning — including a detailed plan for the assassination of Elon Musk and explicit instructions for making fentanyl and bombs.
Elon Musk’s xAI Published Hundreds Of Thousands Of Grok Chatbot Conversations
xAI made people’s conversations with its chatbot public and searchable on Google without warning — including a detailed plan for the assassination of Elon Musk and explicit instructions for making fentanyl and bombs.
https://www.forbes.com/sites/iainmartin/2025/08/20/elon-musks-xai-published-hundreds-of-thousands-of-grok-chatbot-conversations/?utm_source=ForbesMainFacebook&utm_medium=social&utm_campaign=socialflowForbesMainFB&fbclid=IwQ0xDSwMXzMZleHRuA2FlbQIxMQABHkapxvoSgc5gzGbBR7J1KYZmiRP5JUg-92ER1aFokhWim686hJ8fcNbq-Rp__aem_v7TJ2EJXgBuSfL42LkYWDA
Tomi Engdahl says:
https://hackaday.com/2025/08/22/this-week-in-security-anime-catgirls-illegal-adblock-and-disputed-research/
Copilot, Don’t Tell Anyone
Microsoft’s Office365 has an audit log, that tracks which users access given files. Running Copilot in that environment dutifully logs those file accesses, but only if Copilot actually returns a link to the document. So similar to other techniques where an AI can be convinced to do something unintended, a user can ask Copilot to return the contents of a file but not to link to it. Copilot will do as instructed, and the file isn’t listed in the audit log as accessed.
Where this gets more interesting is how the report and fix was handled. Microsoft didn’t issue a CVE, fixed the issue, but opted not to issue a statement. [Zack Korman], the researcher that reported the issue, disagrees quite vigorously with Microsoft’s decision here. This is an interesting example of the tension that can result from disagreements between researcher and the organization responsible for the product in question.
Copilot Broke Your Audit Log, but Microsoft Won’t Tell You
https://pistachioapp.com/blog/copilot-broke-your-audit-log
Tomi Engdahl says:
https://phrack.org/
Tomi Engdahl says:
Mozilla warns Germany could soon declare ad blockers illegal
https://www.bleepingcomputer.com/news/legal/mozilla-warns-germany-could-soon-declare-ad-blockers-illegal/
A recent ruling from Germany’s Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyright, raising fears about a potential ban of the tools in the country.
The case stems from online media company Axel Springer’s lawsuit against Eyeo – the maker of the popular Adblock Plus browser extension.
Axel Springer says that ad blockers threaten its revenue generation model and frames website execution inside web browsers as a copyright violation.
This is grounded in the assertion that a website’s HTML/CSS is a protected computer program that an ad blocker intervenes in the in-memory execution structures (DOM, CSSOM, rendering tree), this constituting unlawful reproduction and modification.
Previously, this claim was rejected by a lower-level court in Hamburg, but a new ruling by the BGH found the earlier dismissal flawed and overturned part of the appeal, sending the case back for examination.
Mozilla’s Senior IP & Product Counsel, Daniel Nazer, delivered a warning last week, noting that due to the underlying technical background of the legal dispute, the ban could also impact other browser extensions and hinder users’ choices.
“There are many reasons, in addition to ad blocking, that users might want their browser or a browser extension to alter a webpage,” Nazer says, explaining that some causes could stem from the need “to improve accessibility, to evaluate accessibility, or to protect privacy.”
As per BGH’s ruling, Springer’s argument needs to be re-examined to determine if DOM, CSS, and bytecode count as a protected computer program and whether the ad blocker’s modifications are lawful.
While ad blockers haven’t been outlawed, Springer’s case has been revived now, and there’s a real possibility that things may take a different turn this time.
Mozilla noted that the new proceedings could take up to a couple of years to reach a final conclusion. As the core issue is not settled, there is a future risk of extension developers to be held liable for financial losses.
Mozilla explains that, in the meantime, the situation could cause a chilling effect on browser users’ freedom, with browser developers locking down their apps further, and extension developers limiting the functionality of their tools to avoid legal troubles.
Tomi Engdahl says:
CPAP Medical Data Breach Impacts 90,000 People
CPAP Medical Supplies and Services has disclosed a data breach resulting from an intrusion that occurred in December 2024.
https://www.securityweek.com/cpap-medical-data-breach-impacts-90000-people/
Tomi Engdahl says:
Vulnerabilities
MITRE Updates List of Most Common Hardware Weaknesses
MITRE has updated the list of Most Important Hardware Weaknesses to align it with evolving hardware security challenges.
https://www.securityweek.com/mitre-updates-list-of-most-common-hardware-weaknesses/
The non-profit MITRE Corporation this week published a revised CWE Most Important Hardware Weaknesses (MIHW) to align it with the evolution of the hardware security landscape.
Initially released in 2021, the CWE MIHW list includes frequent errors that lead to critical hardware vulnerabilities, and is meant to raise awareness within the community, to help eradicate hardware flaws from the start.
The updated list includes 11 entries and comes with new classes, categories, and base weaknesses, but retains five of the entries that were included in the 2021 CWE MIHW list. It shows a focus on resource reuse, debug mode bugs, and fault injection.
‘CWE-226: Sensitive Information in Resource Not Removed Before Reuse’ is at the top of MITRE’s 2025 CWE MIHW list.
https://cwe.mitre.org/topHW/archive/2025/2025_CWE_MIHW.html
Tomi Engdahl says:
Rick Whiting / CRN:
Tel Aviv-based Seemplicity, whose AI-based tech automates enterprise vulnerability and exposure management, raised a $50M Series B led by Sienna Venture Capital
Remediation Operations Startup Seemplicity Raises $50M In New Funding
By Rick Whiting
August 20, 2025, 11:17 AM EDT
https://www.crn.com/news/software/2025/remediation-operations-startup-seemplicity-raises-50m-in-new-funding
Seemplicity plans to use the additional financing to boost the AI capabilities of its platform and rapidly expand its go-to-market efforts.
Tomi Engdahl says:
Sarah Perez / TechCrunch:
Bluesky blocks access to its service in Mississippi, saying it doesn’t have the resources to comply with the state’s broad new law requiring age verification
Bluesky blocks service in Mississippi over age assurance law
https://techcrunch.com/2025/08/24/bluesky-blocks-service-in-mississippi-over-age-assurance-law/
Social networking startup Bluesky has made the decision to block access to its service in the state of Mississippi, rather than comply with a new age assurance law.
In a blog post published on Friday, the company explains that, as a small team, it doesn’t have the resources to make the substantial technical changes this type of law would require, and it raised concerns about the law’s broad scope and privacy implications.
Mississippi’s HB 1126 requires platforms to introduce age verification for all users before they can access social networks like Bluesky. On Thursday, U.S. Supreme Court justices decided to block an emergency appeal that would have prevented the law from going into effect as the legal challenges it faces played out in the courts.
As a result, Bluesky had to decide what it would do about compliance.
Instead of requiring age verification before users could access age-restricted content, this law requires age verification of all users. That means Bluesky would have to verify every user’s age and obtain parental consent for anyone under 18. The company notes that the potential penalties for noncompliance are hefty, too — up to $10,000 per user.
Tomi Engdahl says:
Brave:
Researchers detail an indirect prompt injection flaw in Perplexity’s Comet AI browser, letting attackers manipulate it into performing unauthorized actions
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
https://brave.com/blog/comet-prompt-injection/
The threat of instruction injection
At Brave, we’re developing the ability for our in-browser AI assistant Leo to browse the Web on your behalf, acting as your agent. Instead of just asking “Summarize what this page says about London flights”, you can command: “Book me a flight to London next Friday.” The AI doesn’t just read, it browses and completes transactions autonomously. This will significantly expand Leo’s capabilities while preserving Brave’s privacy guarantees and maintaining robust security guardrails to protect your data and browsing sessions.
This kind of agentic browsing is incredibly powerful, but it also presents significant security and privacy challenges. As users grow comfortable with AI browsers and begin trusting them with sensitive data in logged in sessions—such as banking, healthcare, and other critical websites—the risks multiply. What if the model hallucinates and performs actions you didn’t request? Or worse, what if a benign-looking website or a comment left on a social media site could steal your login credentials or other sensitive data by adding invisible instructions for the AI assistant?
The vulnerability we’re discussing in this post lies in how Comet processes webpage content: when users ask it to “Summarize this webpage,” Comet feeds a part of the webpage directly to its LLM without distinguishing between the user’s instructions and untrusted content from the webpage. This allows attackers to embed indirect prompt injection payloads that the AI will execute as commands. For instance, an attacker could gain access to a user’s emails from a prepared piece of text in a page in another tab.
Tomi Engdahl says:
https://www.securityweek.com/intel-employee-data-exposed-by-vulnerabilities/