Aggregator

Akeyless has launched Akeyless SecretlessAI, a solution purpose-built to secure AI agents and Model Context Protocol (MCP) servers. As enterprises accelerate AI adoption, these autonomous systems are increasingly entrusted with accessing sensitive data, APIs, and internal tools to fulfill their tasks. This shift demands a new security paradigm — one that protects machine-to-machine communication at scale, without compromising agility or trust. AI agents now operate in dynamic, distributed environments and frequently act on behalf of … More →

The post Akeyless SecretlessAI protects machine-to-machine communication appeared first on Help Net Security.

谷歌Gemini for Workspace可以被利用来生成看似合法但包含恶意指令或警告的电子邮件摘要，这些指令可能不使用附件或直接链接将用户引导到网络钓鱼网站。

这种攻击利用隐藏在电子邮件中的间接提示注入，而Gemini在生成消息摘要时遵循这些提示注入。尽管自2024年以来一直有类似的快速攻击报告，安全研究人员也实施了防范措施来阻止误导性响应，但该技术仍然是防不胜防的。

Gemini漏洞攻击

Mozilla的GenAI漏洞赏金计划经理Marco Figueroa（研究员）发现，谷歌的Gemini模型遭受了一次提示注入攻击。这个过程包括为Gemini创建一封带有无形指示的电子邮件。攻击者可以使用HTML和CSS将字体大小设置为0，颜色设置为白色，将恶意指令隐藏在消息末尾的正文文本中。

制作恶意邮件

恶意指令不会在Gmail中呈现，并且由于没有附件或链接，因此消息极有可能到达潜在目标的收件箱。如果收件人打开电子邮件并要求Gemini生成电子邮件摘要，谷歌的人工智能工具将解析这个看不见的指令并服从它。

Figueroa提供的一个示例显示Gemini遵循隐藏的指令，并包含关于用户Gmail密码被泄露的安全警告，以及支持电话号码。

Gemini漏洞总结结果送达用户

由于许多用户很可能相信Gemini的输出是谷歌Workspace功能的一部分，因此很有可能将此警报视为合法警告，而不是恶意注入。

Figueroa提供了一些检测和缓解方法，安全团队可以应用这些方法来防止此类攻击。一种方法是删除、中和或忽略被设计为隐藏在正文中的内容。

另一种方法是实现一个后处理过滤器，该过滤器扫描Gemini输出以查找紧急消息、网址或电话号码，并标记消息以进行进一步审查。

Cloudflare has revealed that a 62-minute global outage of its popular 1.1.1.1 DNS resolver service on July 14, 2025, was caused by an internal configuration error rather than an external attack, though the incident coincided with an unrelated BGP hijack that complicated the situation. The outage, which lasted from 21:52 UTC to 22:54 UTC, affected […]

The post Cloudflare Confirms BGP Hijack Behind 1.1.1.1 DNS Disruption appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

You must login to view this content

In this Help Net Security interview, Cindy Segond von Banchet CC, Cybersecurity Lead at Yokogawa Europe, shares her insights on what defines a sustainable OT security program. She outlines the key differences between short-term fixes and long-term resilience, and discusses how organizations can embed OT security within broader risk frameworks. From addressing legacy system vulnerabilities to integrating OT into existing SOC operations, she covers topics such as visibility, training, and alignment with global standards like … More →

The post What a mature OT security program looks like in practice appeared first on Help Net Security.

A statute that requires identity verification to read news articles or shop for groceries would be problematic; one that does so for pornography is catastrophic.

The post “Prove Your Age, Lose Your Privacy”: How Free Speech Coalition v. Paxton Turns Porn Sites into Surveillance Platforms appeared first on Security Boulevard.

Operation Eastwood, coordinated by Europol and Eurojust, successfully dismantled the hacktivist collective’s global infrastructure consisting of over 100 servers worldwide. The joint action involved authorities from 12 core countries including Germany, France, Spain, the Netherlands, United States, and others, with additional support from eight nations. The takedown yielded significant enforcement outcomes: two arrests in France and Spain, seven […]

The post Europol Takes Down NoName057(16)’s Global Network of Over 100 Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.