Embrace The Red
wunderwuzzi's blog
learn the hacks, stop the attacks.
Month of AI Bugs
Aug 18 2025
Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection
Aug 17 2025
Data Exfiltration via Image Rendering Fixed in Amp Code
Aug 16 2025
Amp Code: Invisible Prompt Injection Fixed by Sourcegraph
Aug 15 2025
Google Jules is Vulnerable To Invisible Prompt Injection
Aug 14 2025
Jules Zombie Agent: From Prompt Injection to Remote Control
Aug 13 2025
Google Jules: Vulnerable to Multiple Data Exfiltration Issues
Aug 12 2025
GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
Aug 11 2025
Claude Code: Data Exfiltration with DNS (CVE-2025-55284)
Aug 10 2025
ZombAI Exploit with OpenHands: Prompt Injection To Remote Code Execution
Aug 09 2025
OpenHands and the Lethal Trifecta: How Prompt Injection Can Leak Access Tokens
Aug 08 2025
AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection
Aug 07 2025
How Devin AI Can Leak Your Secrets via Multiple Means
Aug 06 2025
I Spent $500 To Test Devin AI For Prompt Injection So That You Don't Have To
Aug 05 2025
Amp Code: Arbitrary Command Execution via Prompt Injection Fixed
Aug 04 2025
Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)
Aug 03 2025
Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation
Aug 02 2025
Turning ChatGPT Codex Into A ZombAI Agent
Aug 01 2025
Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection
Jul 28 2025
The Month of AI Bugs 2025