Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.
Check Point says outbound controls blocked web traffic but overlooked DNS OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed.…
Also: EU Bans AI Tools, Notepad++ Secures Updater, Apple Patches iOS Zero-DayThis week, Cambodia shuttered 200 scam centers. EU Parliament banned AI tools. Canada Goose disputed a ShinyHunters leak. Notepad++ patched an updater flaw. Apple fixed a decades-old iOS zero-day. BeyondTrust and Dell patched critical flaws under active exploitation.
More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks.…
Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's machine, and run arbitrary code.…
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.
Let's take a quick dive into Windows API Microsoft in March fixed an interesting security hole in Outlook that was exploited by miscreants to leak victims' Windows credentials. This week the IT giant fixed that fix as part of its monthly Patch Tuesday update.…