Tag: data
-
AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack
Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack called Whisper Leak, which lets attackers who can monitor network traffic infer what users discuss with remote language models, even when the data is encrypted. The company warned that…
-
Ensuring Stability in Cyber Security with NHIs
Are Organizations Maximizing the Potential of Non-Human Identities? The importance of managing Non-Human Identities (NHIs) cannot be overstated. But how effectively are organizations leveraging these capabilities to enhance stable cybersecurity? NHIs, often referred to as machine identities, are pivotal in safeguarding secrets security management and ensuring robust protection across multiple sectors. Data management and cybersecurity…
-
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances. This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to First seen on thehackernews.com Jump…
-
AI-Powered Cyber Threats Rise: Attackers Target Manufacturing Sector
A comprehensive new report reveals that manufacturing organizations are grappling with a dual challenge: rapidly adopting generative AI technologies while simultaneously defending against attackers who exploit these same platforms and trusted cloud services to launch sophisticated attacks. The findings underscore an urgent need for enhanced security controls as the sector balances innovation with data protection.…
-
How MSSPs Turn Security Alerts Into Exponential Revenue With Morpheus AI
See how Morpheus AI transforms managed security economics, delivering 24/7 autonomous coverage, unified data, and exponential returns without increasing headcount. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/how-mssps-turn-security-alerts-into-exponential-revenue-with-morpheus-ai/
-
Randall Munroe’s XKCD ‘Planetary Rings’
via the cosmic humor & dry-as-interstellar-space wit of Randall Munroe, creator of XKCD. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/11/randall-munroes-xkcd-planetary-rings/
-
Bill Seeks HIPAA-Like Protections for Consumer Health Data
Senate HELP Committee Chair Seeks to Secure Data in Smart Watches, Health Apps. Sen. Bill Cassidy, R-La., a physician and chair of the Senate health committee, has proposed legislation that aims to create parallel HIPAA-like privacy protections to more types of health data – such as data collected by consumer wearable devices and health apps…
-
For OT Cyber Defenders, Lack of Data Is the Biggest Threat
OT Security ‘A Generation Behind Traditional IT’. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/for-ot-cyber-defenders-lack-data-biggest-threat-a-29959
-
‘Ransomvibing’ Infests Visual Studio Extension Market
A published VS Code extension didn’t hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ransomvibing-infests-visual-studio-extension-market
-
Commercial spyware “Landfall” ran rampant on Samsung phones for almost a year
Targeted attack could steal all of a phone’s data and activate camera or mic. First seen on arstechnica.com Jump to article: arstechnica.com/gadgets/2025/11/commercial-spyware-landfall-ran-rampant-on-samsung-phones-for-almost-a-year/
-
Washington Post confirms data breach linked to Oracle hacks
The Washington Post is the latest victim of a hacking campaign by the notorious Clop ransomware gang, which relied on vulnerabilities in Oracle software used by many corporations. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/07/washington-post-confirms-data-breach-linked-to-oracle-hacks/
-
Cisco Unified CCX Remote Code Execution Vulnerabilities (CVE-2025-20354, CVE-2025-20358)
Technical details: The problem comes from weak authentication in two different CCX components. CVE-2025-20354 targets the Java RMI service. CCX exposes this service to accept remote data, but it does not properly check who is sending it. That means an attacker can upload a specially crafted file and run commands on the underlying operating system.…
-
CBO Hit by Suspected Nation-State Cyberattack
Nation-State Actor Suspected in Breach of Congressional Budget Office. The Congressional Budget Office has been the subject of an apparent cyber incident, officials confirmed Friday, raising concerns that adversaries may have gained access to sensitive data used to inform U.S. legislative decisions amid ongoing federal cyber staffing shortages. First seen on govinfosecurity.com Jump to article:…
-
Report: Government data mining has gone too far and AI will make it worse
A digital privacy group says agencies are collecting too much data on Americans and using AI tools to make connections that may not be valid. First seen on cyberscoop.com Jump to article: cyberscoop.com/government-data-mining-has-gone-too-far-ai-will-make-it-worse/
-
ISMG Editors: Lawsuits Follow Year’s Top Health Data Breach
Conduent Gets Sued; US Government’s Cyber Shutdown Woes; Hacktivist Hits Rise. The latest ISMG Editors’ Panel tackles: post-hack legal fallout for Conduent after it suffered the year’s biggest health data breach, the U.S. government’s shutdown complicating its response to the breach of vendor F5 and the rise in attacks targeting Western critical national infrastructure. First…
-
Edtech company fined $5.1 million for poor data security practices leading to hack
Illuminate Education also allegedly failed to monitor its systems for suspicious activity and did not separately secure backup and active databases. First seen on therecord.media Jump to article: therecord.media/ed-tech-company-fined-5-million-data-breach-security-practices
-
Stop Paying the Password Tax: A CFO’s Guide to Affordable Zero-Trust Access
In 2025, stolen credentials remain the most common and fastest path into an organization’s systems. Nearly half of breaches begin with compromised logins. The 2025 Verizon Data Breach Investigations Report puts it bluntly: “Hackers don’t break in anymore, they log in.” Web application attacks have followed suit, with 88% now using stolen credentials as the..…
-
“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix
Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests. First seen on hackread.com Jump to article: hackread.com/i-paid-twice-scam-booking-com-purerat-clickfix/

