A critical vulnerability in the Linux Kernel Virtual Machine (KVM) has been discovered, potentially allowing guest VMs to corrupt host memory and escape isolation. This flaw, present for 16 years, affects major cloud providers like Amazon AWS and Google GCP. Separately, security researchers found unencrypted management protocols in Hoymiles micro-inverters, enabling control and potential lockout of devices. OpenSSH 10.4 has been released with security fixes for file handling in SFTP and SCP, and experimental post-quantum encryption support. Additionally, Tenda routers may contain a backdoor in their web interface, and a prompt injection attack against GitHub's AI agent exposed private repositories. AI
IMPACT Highlights risks in AI agent security and prompt injection, underscoring the need for robust defenses in AI integrations.
RANK_REASON This cluster aggregates multiple security advisories and news items, rather than reporting on a single originating event from a primary source.
Read on Mastodon — fosstodon.org →
- AI
- Amazon Web Services
- GitHub
- Google GCP
- Hackaday
- Hoymiles
- KVM
- Linux
- Linux Kernel Virtual Machine
- OpenSSH
- Solar
AI-generated summary · Google Gemini · from 3 sources. How we write summaries →