this post was submitted on 19 Jan 2026

Pulse of Truth


AI Agent Can Access File Upload API to Exfiltrate Documents

Security researchers have demonstrated how Anthropic's new Claude Cowork productivity agent can be tricked into stealing user files and uploading them to an attacker's account, exploiting a vulnerability the company allegedly knew about.

j4k3@lemmy.world 1 points 1 day ago (1 children)

We need DNS filtering to work on outgoing packages by default, and to make whitelist DNS stupid simple to implement for any parent and child processes. It should be as simple as launching with the command, including a preconfigured whitelist, and a pop-up message for "approve, deny, prepend to list." System wide and incoming packet filtering is insufficient for the modern world.

leds@feddit.dk 1 points 1 day ago

But this is uploading the data to the same API it uses in the first place, it just uploads it to someone else's account.
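The two comments above contrast hostname allowlisting with an upload that goes to the already-allowed API under a different account. The following is an added example, not part of the thread or of any vendor's code, showing an egress check that pins the credential as well as the host. It assumes a proxy that can read request headers; the host name, header name, paths and keys are all constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

# Constructed placeholders: host, header name and keys are assumptions.
ALLOWED_HOSTS = {"api.example.com"}
KEY_HEADER = "x-api-key"


def fingerprint(key: str) -> str:
    """Store and compare only a hash of the credential, never the key itself."""
    return hashlib.sha256(key.encode()).hexdigest()


# Fingerprint of the one credential the user provisioned for each allowed host.
PINNED_KEYS = {"api.example.com": {fingerprint("user-key-constructed")}}


@dataclass
class Request:
    host: str
    path: str
    headers: dict


def host_only_decision(req: Request) -> str:
    """What a DNS or hostname allowlist can decide: destination only."""
    return "allow" if req.host in ALLOWED_HOSTS else "deny"


def pinned_decision(req: Request) -> str:
    """Hostname allowlist plus a check that the credential is the user's own."""
    if req.host not in ALLOWED_HOSTS:
        return "deny: host not on allowlist"
    key = {k.lower(): v for k, v in req.headers.items()}.get(KEY_HEADER)
    if key is None:
        return "deny: no credential presented"
    if fingerprint(key) not in PINNED_KEYS.get(req.host, set()):
        return "deny: credential is not the user's pinned key"
    return "allow"


# Constructed sample traffic: own-account upload, same host with a foreign
# key, and an unrelated host.
SAMPLE = [
    Request("api.example.com", "/upload", {"X-Api-Key": "user-key-constructed"}),
    Request("api.example.com", "/upload", {"X-Api-Key": "other-key-constructed"}),
    Request("files.example.net", "/upload", {}),
]


def evaluate():
    return [(host_only_decision(r), pinned_decision(r)) for r in SAMPLE]
```

The second sample request passes the hostname check and is stopped only by the credential pin.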