https://jashidsany.com/tags/credential-exfiltration/ Recent content in Credential-Exfiltration on Jashid Sany Hugo en-us Sun, 15 Mar 2026 00:00:00 +0000 https://jashidsany.com/security-research/ai-security/windsurf-indirect-prompt-injection-blog/ Sun, 15 Mar 2026 00:00:00 +0000 https://jashidsany.com/security-research/ai-security/windsurf-indirect-prompt-injection-blog/ How a hidden HTML comment in a GitHub Gist caused Windsurf’s Cascade agent to read SSH keys and AWS credentials, then exfiltrate them to an attacker-controlled endpoint with zero user interaction.