Agents
AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection
How Prompt Injection Exposes Manus' VS Code Server to the Internet
How Deep Research Agents Can Leak Your Data
Sneaking Invisible Instructions by Developers in Windsurf
Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)
Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets
Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
Amazon Q Developer: Remote Code Execution with Prompt Injection
Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection
Data Exfiltration via Image Rendering Fixed in Amp Code
Amp Code: Invisible Prompt Injection Fixed by Sourcegraph
Google Jules is Vulnerable To Invisible Prompt Injection
Jules Zombie Agent: From Prompt Injection to Remote Control
Google Jules: Vulnerable to Multiple Data Exfiltration Issues
GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
Claude Code: Data Exfiltration with DNS (CVE-2025-55284)
ZombAI Exploit with OpenHands: Prompt Injection To Remote Code Execution
OpenHands and the Lethal Trifecta: How Prompt Injection Can Leak Access Tokens
AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection
How Devin AI Can Leak Your Secrets via Multiple Means
I Spent $500 To Test Devin AI For Prompt Injection So That You Don't Have To
Amp Code: Arbitrary Command Execution via Prompt Injection Fixed
Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)
Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation
Turning ChatGPT Codex Into A ZombAI Agent
Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection
The Month of AI Bugs 2025
Security Advisory: Anthropic's Slack MCP Server Vulnerable to Data Exfiltration
AI ClickFix: Hijacking Computer-Use Agents Using ClickFix