Sep 23, 2025Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update the system with a specially crafted image. The medium-severity vulnerabilities, both of which stem from improper verification of a cryptographic signature, are listed below – …
Read More »Tag Archives: Malicious
Hackers discovered a sneaky way to steal data by hiding malicious prompts inside images processed by large language models
Malicious prompts remain invisible until image downscaling reveals hidden instructions The attack works by exploiting how AI resamples uploaded images Bicubic interpolation can expose black text from specially crafted images As AI tools become more integrated into daily work, the security risks attached to them are also evolving in new directions. Researchers at Trail of Bits have demonstrated a method …
Read More »Google to Verify All Android Developers in 4 Countries to Block Malicious Apps – The Hacker News
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps The Hacker News Google will block sideloading of unverified Android apps starting next year Ars Technica Google will require developer verification to install Android apps, including sideloading 9to5Google Google to block apps from all unverified developers, S’pore users among first to be affected The Straits Times Google’s Android Decision Makes Samsung …
Read More »Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval – The Hacker News
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval The Hacker News Several Vulnerabilities Patched in AI Code Editor Cursor SecurityWeek RCE Flaw in AI-Assisted Coding Tool Poses Software Supply Chain Risk Dark Reading AI-powered Cursor IDE vulnerable to prompt-injection attacks BleepingComputer Cursor IDE’s MCP Vulnerability Check Point Software Source link
Read More »Google Gemini for Workspace Vulnerability Lets Attackers Hide Malicious Scripts in Emails
Security researchers have uncovered a significant vulnerability in Google Gemini for Workspace that enables threat actors to embed hidden malicious instructions within emails. The attack exploits the AI assistant’s “Summarize this email” feature to display fabricated security warnings that appear to originate from Google itself, potentially leading to credential theft and social engineering attacks. Key Takeaways1. Attackers hide malicious instructions …
Read More »