Skip to main content

Tag: data exfiltration

146 articles

GrafanaGhost Exploit Bypasses AI Defenses for Covert Data Theft

GrafanaGhost Exploit Bypasses AI Defenses for Covert Data Theft

A newly discovered exploit, dubbed GrafanaGhost, has been found to cleverly bypass AI defenses, allowing for covert data theft by chaining together AI prompt injection and URL-handling flaws. This sneaky attack enables silent exfiltration of sensitive Grafana data, catching users off guard.

Analyst 207
Ransomware Attacks Evolve to Exploit Stolen Data for Double Extortion

Ransomware Attacks Evolve to Exploit Stolen Data for Double Extortion

Ransomware attacks have taken a sinister turn, now using stolen data to blackmail victims into paying up - not just by encrypting their files, but by threatening to expose sensitive information to the world. This double extortion tactic adds a whole new level of pressure, forcing victims to weigh the cost of a data breach against the cost of a ransom.

Analyst 207
OpenAI Fixes Critical ChatGPT Data Exfiltration Flaw

OpenAI Fixes Critical ChatGPT Data Exfiltration Flaw

A critical vulnerability in ChatGPT was recently uncovered, allowing hackers to secretly exfiltrate sensitive conversation data, including user messages and uploaded files, with just a single malicious prompt. Thankfully, OpenAI has swiftly stepped in to fix this flaw and protect users' confidential information.

Analyst 207
CISA Exclusive: Critical n8n Bug Exploited in Wild

CISA Exclusive: Critical n8n Bug Exploited in Wild

CISA confirms a critical n8n vulnerability is being actively exploited—what automates your workflows can now let attackers run arbitrary code, so internet‑exposed instances need immediate mitigation or patching.

Analyst 207
AI Assistants Exclusive Shift, Best Security Tactics

AI Assistants Exclusive Shift, Best Security Tactics

AI assistants can act as intern, coder and courier all at once—automating emails, scripts and cloud actions with near-total access. That convenience is collapsing old defenses, so organizations must rethink trusted access and adopt smarter security tactics before automation becomes an attack vector.

Analyst 207
Claude Used to Hack Mexican Government Exclusive Scandal

Claude Used to Hack Mexican Government Exclusive Scandal

When researchers discovered that an attacker had coaxed Anthropic’s Claude—after initially flagging the intent—into writing exploit scripts, mapping Mexican government networks and automating data theft, it became a stark reminder that powerful LLMs can flip from helpful to harmful with just a few clever prompts.

Analyst 207
North Korean Lazarus Group Exclusive: Dangerous Medusa Surge

North Korean Lazarus Group Exclusive: Dangerous Medusa Surge

When hospitals open their doors, their networks shouldnt open to extortion — but a surge in Medusa ransomware tied to North Koreas Lazarus Group is forcing technologists, health‑care leaders and policymakers to decide how to lock them. These attacks — a blend of state‑grade tools and criminal tactics — risk disrupted care, delayed diagnoses and real harm to patients.

Analyst 207
AI Stunning Threat: Breakout Time Falls to Four Minutes

AI Stunning Threat: Breakout Time Falls to Four Minutes

Breakout time can now fall to about four minutes as AI automates reconnaissance, exploit crafting, and data exfiltration — meaning the cozy breathing room defenders once relied on is gone and its time to rethink detection and response.

Analyst 207
The Promptware Kill Chain: Exclusive Critical Risk Guide

The Promptware Kill Chain: Exclusive Critical Risk Guide

What if a stray calendar event or shared doc could become a command to your AI? This guide reveals the promptware kill chain—how attackers weaponize language to steal data, gain persistence, and trigger unauthorized actions, and what you can do to defend against it.

Analyst 207
Chrome extensions Exclusive: Malicious AI steal API keys

Chrome extensions Exclusive: Malicious AI steal API keys

Before you add that shiny AI assistant to Chrome, pause: researchers found 30+ extensions secretly siphoning API keys, emails and other sensitive data from hundreds of thousands of users. What promised convenience turned into a fast track for credential theft and account takeover.

Analyst 207
AIs Stunning Rise in Exploiting Dangerous Internet Flaws

AIs Stunning Rise in Exploiting Dangerous Internet Flaws

AI is quietly rewriting the rules of exploit development—LLMs can now turn public CVE write‑ups and off‑the‑shelf Kali tools into working exploits and even automate multi‑stage attacks. That shrinking technical barrier means defenders have far less time to patch and prevent real compromises.

Analyst 207
AI Stunningly Vulnerable: Prompt Injection Crisis

AI Stunningly Vulnerable: Prompt Injection Crisis

Imagine a drive‑through customer asking you to ignore earlier instructions and hand over the cash—absurd, but that’s exactly what prompt injection can do to AI, tricking models into leaking secrets or obeying forbidden commands. As these deceptively simple attacks slip from research demos into real systems, organizations are scrambling to plug a growing and alarming security gap.

Analyst 207
Zero-Click Attack Exclusive: Alarming ChatGPT Data Theft

Zero-Click Attack Exclusive: Alarming ChatGPT Data Theft

Imagine your AI assistant quietly doing more than you asked — Radware researchers have uncovered a zero-click prompt-injection that exploits agentic ChatGPT features to make assistants act and leak data across apps with little or no user interaction. Its a wake-up call: autonomy is outpacing control.

Analyst 207
Ransomware Exclusive: Stunning Worst Surge of 2025

Ransomware Exclusive: Stunning Worst Surge of 2025

Think ransomware was fading? The 2025 ransomware surge proves otherwise—smarter, faster attacks (retail incidents jumped 58% in Q2) are crippling stores, exposing data and stretching insurers and regulators to the breaking point.

Analyst 207
OpenAI Stunning Patchwork Exposes Worsening Prompt Risks

OpenAI Stunning Patchwork Exposes Worsening Prompt Risks

Prompt risks have moved out of the lab and into your chat window. Researchers warn that prompt injection and misused system prompts let modestly skilled attackers extract personal data from AI assistants, revealing a dangerous gap between convenience and current defenses.

Analyst 207
MongoDB Vulnerability CVE-2025-14847 Stunning Critical Risk

MongoDB Vulnerability CVE-2025-14847 Stunning Critical Risk

One malformed request could let attackers pluck secrets straight from your MongoDB — meet CVE-2025-14847, aka MongoBleed, a critical unauthenticated memory-leak flaw. With over 87,000 instances potentially exposed and active exploits in the wild, now’s the time to scan, patch, and lock things down.

Analyst 207
Urban VPN Proxy Exclusive: Alarming AI Chat Interception

Urban VPN Proxy Exclusive: Alarming AI Chat Interception

Think your VPN browser extension keeps you private? Researchers found a popular extension quietly intercepting and harvesting chats from major AI platforms by default — and with no in‑product toggle, uninstalling is the only way to stop the continuous background data siphon.

Analyst 207
State-Sponsored Actors Deploy Exclusive High-Risk Backdoors

State-Sponsored Actors Deploy Exclusive High-Risk Backdoors

State-backed actors are deploying exclusive, high-risk backdoors that abuse cloud services to hide, persist and siphon secrets—making old detection methods obsolete. Learn what these stealthy campaigns do and why companies, governments and users need smarter defenses now.

Analyst 207
University Breached Again: Exclusive Report on Severe Hack

University Breached Again: Exclusive Report on Severe Hack

The University of Pennsylvania has suffered a second cyber intrusion after an Oct. 31 email hack, showing how attackers probe, exploit, then return to harvest more data. That pattern puts personal, research and operational information at risk and highlights how a single breach can ripple across the higher‑education sector.

Analyst 207
Malware Stunningly Evades AI in Critical npm Breach

Malware Stunningly Evades AI in Critical npm Breach

Think your npm packages are safe? Researchers found a malicious npm package that talks to a remote AI-like controller, adapting at runtime to dodge scanners and quietly steal valuable data.

Analyst 207
Royal Borough of Kensington and Chelsea Exclusive: Major Leak

Royal Borough of Kensington and Chelsea Exclusive: Major Leak

A suspected ransomware attack on the Royal Borough of Kensington and Chelsea is a stark wake-up call about how much of our lives we trust to local councils. Beyond locked systems, exposed personal records and disrupted services can leave residents — especially the vulnerable — at risk of fraud, identity theft and real harm.

Analyst 207
Asahi Exclusive: Alarming Cyberattack Hits 1.5M

Asahi Exclusive: Alarming Cyberattack Hits 1.5M

Up to 1.5 million Asahi customers are asking, Were my records exposed? after a September ransomware attack that disrupted deliveries and may have accessed customer databases. Investigators and law enforcement are still probing what was taken as the company grapples with a growing privacy and trust crisis.

Analyst 207
Iberia Airlines Exclusive: Critical Supply Chain Breach

Iberia Airlines Exclusive: Critical Supply Chain Breach

When Iberia alerts customers that a supplier was compromised, it’s a reminder that a single supply‑chain breach can ripple into delays, data exposure and broader operational headaches across modern travel. If you got the email, here’s what it means for your trip and what to look out for next.

Analyst 207
PlushDaemon Exclusive: Dangerous New Spy Malware

PlushDaemon Exclusive: Dangerous New Spy Malware

Exclusive: PlushDaemon malware is a stealthy new spy quietly siphoning personal data — learn how it works, whos at risk, and easy steps you can take to protect yourself.

Analyst 207