If you enjoy our newsletter, please consider to be a paid subscriber to help us keep more news and updates coming out.
Notice: The Book Report Q4, 2025 is available! Download here.
Highlights
Singapore: Agentic AI framework.How SSO is exploited.LLM endpoints.Outlook crashes.Elicitation attack pipeline.
Deep Dive
Singapore: Agentic AI framework IMDA
Framework guides safe agent use.
Humans remain responsible for actions.
Limits placed on agent powers.
Checkpoints require human approval.
Technical controls mitigate autonomy risks.
Fosters global AI governance standards.
How SSO is exploited BleepingComputer
Attackers impersonate corporate helpdesks.
Fake portals steal SSO credentials.
MFA codes intercepted in real-time.
SSO dashboards grant wide access.
Salesforce and SharePoint are targets.
The ShinyHunters group claims responsibility.
LLM endpoints BleepingComputer
Campaign named Bizarre Bazaar.
Activity dubbed LLMjacking.
Stolen access fuels crypto mining.
API access resold on darknet.
Sensitive prompt data is exfiltrated.
Misconfigured AI ports are exploited.
SilverInc resells stolen access.
MCP servers allow lateral movement.
Outlook crashes BleepingComputer
Coding error causes freezes.
Launch app in Airplane Mode.
Official fix pending Apple review.
Windows Outlook also has issues.
Web access down in regions.
Elicitation Attack Pipeline Anthropic
Benign prompts bypass safeguards
Open-source models become dangerous
Three-step elicitation attack
Adjacent-domain prompt construction
No harmful data required
Recovers ~40% capability gap
Stronger models amplify attack
![[Available] Book Report Q3, 2025](https://substackcdn.com/image/fetch/$s_!HI5v!,w_140,h_140,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F62b0655a-9a73-4382-8201-d9007269e7ad_900x900.jpeg)
