Embrace The Red
wunderwuzzi's blog
learn the hacks, stop the attacks.
Agents
Aug 26 2025
AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection
Aug 25 2025
How Prompt Injection Exposes Manus' VS Code Server to the Internet
Aug 24 2025
How Deep Research Agents Can Leak Your Data
Aug 23 2025
Sneaking Invisible Instructions by Developers in Windsurf
Aug 22 2025
Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)
Aug 21 2025
Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets
Aug 20 2025
Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
Aug 19 2025
Amazon Q Developer: Remote Code Execution with Prompt Injection
Aug 18 2025
Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection
Aug 17 2025
Data Exfiltration via Image Rendering Fixed in Amp Code
Aug 16 2025
Amp Code: Invisible Prompt Injection Fixed by Sourcegraph
Aug 15 2025
Google Jules is Vulnerable To Invisible Prompt Injection
Aug 14 2025
Jules Zombie Agent: From Prompt Injection to Remote Control
Aug 13 2025
Google Jules: Vulnerable to Multiple Data Exfiltration Issues
Aug 12 2025
GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
Aug 11 2025
Claude Code: Data Exfiltration with DNS (CVE-2025-55284)
Aug 10 2025
ZombAI Exploit with OpenHands: Prompt Injection To Remote Code Execution
Aug 09 2025
OpenHands and the Lethal Trifecta: How Prompt Injection Can Leak Access Tokens
Aug 08 2025
AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection
Aug 07 2025
How Devin AI Can Leak Your Secrets via Multiple Means
Aug 06 2025
I Spent $500 To Test Devin AI For Prompt Injection So That You Don't Have To
Aug 05 2025
Amp Code: Arbitrary Command Execution via Prompt Injection Fixed
Aug 04 2025
Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)
Aug 03 2025
Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation
Aug 02 2025
Turning ChatGPT Codex Into A ZombAI Agent
Aug 01 2025
Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection
Jul 28 2025
The Month of AI Bugs 2025
Jun 24 2025
Security Advisory: Anthropic's Slack MCP Server Vulnerable to Data Exfiltration
May 24 2025
AI ClickFix: Hijacking Computer-Use Agents Using ClickFix