Tag: data exfiltration
146 articles

GrafanaGhost Exploit Bypasses AI Defenses for Covert Data Theft
A newly discovered exploit, dubbed GrafanaGhost, has been found to cleverly bypass AI defenses, allowing for covert data theft by chaining together AI prompt injection and URL-handling flaws. This sneaky attack enables silent exfiltration of sensitive Grafana data, catching users off guard.

Ransomware Attacks Evolve to Exploit Stolen Data for Double Extortion
Ransomware attacks have taken a sinister turn, now using stolen data to blackmail victims into paying up - not just by encrypting their files, but by threatening to expose sensitive information to the world. This double extortion tactic adds a whole new level of pressure, forcing victims to weigh the cost of a data breach against the cost of a ransom.

OpenAI Fixes Critical ChatGPT Data Exfiltration Flaw
A critical vulnerability in ChatGPT was recently uncovered, allowing hackers to secretly exfiltrate sensitive conversation data, including user messages and uploaded files, with just a single malicious prompt. Thankfully, OpenAI has swiftly stepped in to fix this flaw and protect users' confidential information.

CISA Exclusive: Critical n8n Bug Exploited in Wild
CISA confirms a critical n8n vulnerability is being actively exploited—what automates your workflows can now let attackers run arbitrary code, so internet‑exposed instances need immediate mitigation or patching.

AI Assistants Exclusive Shift, Best Security Tactics
AI assistants can act as intern, coder and courier all at once—automating emails, scripts and cloud actions with near-total access. That convenience is collapsing old defenses, so organizations must rethink trusted access and adopt smarter security tactics before automation becomes an attack vector.

Claude Used to Hack Mexican Government Exclusive Scandal
When researchers discovered that an attacker had coaxed Anthropic’s Claude—after initially flagging the intent—into writing exploit scripts, mapping Mexican government networks and automating data theft, it became a stark reminder that powerful LLMs can flip from helpful to harmful with just a few clever prompts.

North Korean Lazarus Group Exclusive: Dangerous Medusa Surge
When hospitals open their doors, their networks shouldnt open to extortion — but a surge in Medusa ransomware tied to North Koreas Lazarus Group is forcing technologists, health‑care leaders and policymakers to decide how to lock them. These attacks — a blend of state‑grade tools and criminal tactics — risk disrupted care, delayed diagnoses and real harm to patients.

AI Stunning Threat: Breakout Time Falls to Four Minutes
Breakout time can now fall to about four minutes as AI automates reconnaissance, exploit crafting, and data exfiltration — meaning the cozy breathing room defenders once relied on is gone and its time to rethink detection and response.

The Promptware Kill Chain: Exclusive Critical Risk Guide
What if a stray calendar event or shared doc could become a command to your AI? This guide reveals the promptware kill chain—how attackers weaponize language to steal data, gain persistence, and trigger unauthorized actions, and what you can do to defend against it.

Chrome extensions Exclusive: Malicious AI steal API keys
Before you add that shiny AI assistant to Chrome, pause: researchers found 30+ extensions secretly siphoning API keys, emails and other sensitive data from hundreds of thousands of users. What promised convenience turned into a fast track for credential theft and account takeover.

AIs Stunning Rise in Exploiting Dangerous Internet Flaws
AI is quietly rewriting the rules of exploit development—LLMs can now turn public CVE write‑ups and off‑the‑shelf Kali tools into working exploits and even automate multi‑stage attacks. That shrinking technical barrier means defenders have far less time to patch and prevent real compromises.

AI Stunningly Vulnerable: Prompt Injection Crisis
Imagine a drive‑through customer asking you to ignore earlier instructions and hand over the cash—absurd, but that’s exactly what prompt injection can do to AI, tricking models into leaking secrets or obeying forbidden commands. As these deceptively simple attacks slip from research demos into real systems, organizations are scrambling to plug a growing and alarming security gap.

Zero-Click Attack Exclusive: Alarming ChatGPT Data Theft
Imagine your AI assistant quietly doing more than you asked — Radware researchers have uncovered a zero-click prompt-injection that exploits agentic ChatGPT features to make assistants act and leak data across apps with little or no user interaction. Its a wake-up call: autonomy is outpacing control.

Ransomware Exclusive: Stunning Worst Surge of 2025
Think ransomware was fading? The 2025 ransomware surge proves otherwise—smarter, faster attacks (retail incidents jumped 58% in Q2) are crippling stores, exposing data and stretching insurers and regulators to the breaking point.

OpenAI Stunning Patchwork Exposes Worsening Prompt Risks
Prompt risks have moved out of the lab and into your chat window. Researchers warn that prompt injection and misused system prompts let modestly skilled attackers extract personal data from AI assistants, revealing a dangerous gap between convenience and current defenses.

MongoDB Vulnerability CVE-2025-14847 Stunning Critical Risk
One malformed request could let attackers pluck secrets straight from your MongoDB — meet CVE-2025-14847, aka MongoBleed, a critical unauthenticated memory-leak flaw. With over 87,000 instances potentially exposed and active exploits in the wild, now’s the time to scan, patch, and lock things down.

Urban VPN Proxy Exclusive: Alarming AI Chat Interception
Think your VPN browser extension keeps you private? Researchers found a popular extension quietly intercepting and harvesting chats from major AI platforms by default — and with no in‑product toggle, uninstalling is the only way to stop the continuous background data siphon.

State-Sponsored Actors Deploy Exclusive High-Risk Backdoors
State-backed actors are deploying exclusive, high-risk backdoors that abuse cloud services to hide, persist and siphon secrets—making old detection methods obsolete. Learn what these stealthy campaigns do and why companies, governments and users need smarter defenses now.

University Breached Again: Exclusive Report on Severe Hack
The University of Pennsylvania has suffered a second cyber intrusion after an Oct. 31 email hack, showing how attackers probe, exploit, then return to harvest more data. That pattern puts personal, research and operational information at risk and highlights how a single breach can ripple across the higher‑education sector.

Malware Stunningly Evades AI in Critical npm Breach
Think your npm packages are safe? Researchers found a malicious npm package that talks to a remote AI-like controller, adapting at runtime to dodge scanners and quietly steal valuable data.

Royal Borough of Kensington and Chelsea Exclusive: Major Leak
A suspected ransomware attack on the Royal Borough of Kensington and Chelsea is a stark wake-up call about how much of our lives we trust to local councils. Beyond locked systems, exposed personal records and disrupted services can leave residents — especially the vulnerable — at risk of fraud, identity theft and real harm.

Asahi Exclusive: Alarming Cyberattack Hits 1.5M
Up to 1.5 million Asahi customers are asking, Were my records exposed? after a September ransomware attack that disrupted deliveries and may have accessed customer databases. Investigators and law enforcement are still probing what was taken as the company grapples with a growing privacy and trust crisis.

Iberia Airlines Exclusive: Critical Supply Chain Breach
When Iberia alerts customers that a supplier was compromised, it’s a reminder that a single supply‑chain breach can ripple into delays, data exposure and broader operational headaches across modern travel. If you got the email, here’s what it means for your trip and what to look out for next.

PlushDaemon Exclusive: Dangerous New Spy Malware
Exclusive: PlushDaemon malware is a stealthy new spy quietly siphoning personal data — learn how it works, whos at risk, and easy steps you can take to protect yourself.