Tag: email
-
OpenAI plugs ShadowLeak bug in ChatGPT that let miscreants raid inboxes
Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data First seen on theregister.com Jump to article: www.theregister.com/2025/09/19/openai_shadowleak_bug/
-
ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT
Radware discovered a server-side data theft attack, dubbed ShadowLeak, targeting ChatGPT. OpenAI patched the zero-click vulnerability. Researchers at Radware uncovered a server-side data theft attack targeting ChatGPT, called ShadowLeak. The experts discovered a zero-click vulnerability in ChatGPT’s Deep Research agent when connected to Gmail and browsing. The researchers explained that using a crafted email could trigger the agent to…
-
OpenAI fixes zero-click ShadowLeak vulnerability affecting ChatGPT Deep Research agent
Cybersecurity firm Radware discovered a vulnerability they call “ShadowLeak” where an attacker could exploit the vulnerability by simply sending an email to the user. First seen on therecord.media Jump to article: therecord.media/openai-fixes-zero-click-shadowleak-vulnerability
-
Meet ShadowLeak: ‘Impossible to detect’ data theft using AI
Tags: ai, attack, business, ciso, cybersecurity, data, data-breach, email, exploit, gartner, governance, injection, LLM, malicious, RedTeam, resilience, risk, sans, service, sql, supply-chain, technology, theft, tool, update, vulnerabilityWhat CSOs should do: To blunt this kind of attack, he said CSOs should:treat AI agents as privileged actors: apply the same governance used for a human with internal resource access;separate ‘read’ from ‘act’ scopes and service accounts, and where possible sanitize inputs before LLM (large language model) ingestion. Strip/neutralize hidden HTML, flatten to safe…
-
Malicious PyPI Packages Deliver SilentSync RAT
IntroductionZscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In July 2025, a malicious Python package named termncolor was identified by ThreatLabz. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages…
-
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks
The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets.Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluster it tracks as RevengeHotels.”The threat actors continue to employ…
-
When “Your Data’s Out There” Isn’t Enough
Why Identity Breach Monitoring Needs an Upgrade If you’ve ever received a “dark web alert,” you probably know the uneasy feeling. An email pops into your inbox with a subject line like: “Your personal information has been found on the dark web.” It sounds urgent, maybe even terrifying. But when you open it, the details……
-
When “Your Data’s Out There” Isn’t Enough
Why Identity Breach Monitoring Needs an Upgrade If you’ve ever received a “dark web alert,” you probably know the uneasy feeling. An email pops into your inbox with a subject line like: “Your personal information has been found on the dark web.” It sounds urgent, maybe even terrifying. But when you open it, the details……
-
Gucci and Alexander McQueen Hit by Customer Data Breach
The attack, which is linked to ShinyHunters, has reportedly compromised data relating to 7.4 million unique email addresses First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gucci-mcqueen-customer-breach/
-
DigiCert Acquires Valimail to Add Email Authentication Service
DigiCert acquires Valimail to strengthen email authentication with DMARC and content protection, to fight phishing and AI-driven threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/digicert-acquires-valimail-to-add-email-authentication-service/
-
DigiCert Acquires Valimail to Add Email Authentication Service
DigiCert acquires Valimail to strengthen email authentication with DMARC and content protection, to fight phishing and AI-driven threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/digicert-acquires-valimail-to-add-email-authentication-service/
-
Millions of Customer Records Stolen in Cyberattack on Gucci, Balenciaga, and Alexander McQueen
Luxury retail giant Kering has confirmed a major data breach affecting its top fashion houses, including Gucci, Balenciaga, and Alexander McQueen. The cybercriminal group known as Shiny Hunters claims to have stolen private details tied to as many as 7.4 million unique email addresses. Potentially millions of customers around the world may now be at…
-
Tax Refund-Themed Phishing Slows in 2025
Reports of email phishing attempts impersonating the UK’s HM Revenue & Customs plummeted in the first half of 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-tax-refund-phishing-slows/
-
Tax Refund-Themed Phishing Slows in 2025
Reports of email phishing attempts impersonating the UK’s HM Revenue & Customs plummeted in the first half of 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-tax-refund-phishing-slows/
-
CISOs grapple with the realities of applying AI to security functions
Tags: ai, automation, breach, business, ceo, ciso, compliance, cybersecurity, data, detection, email, endpoint, finance, governance, incident response, intelligence, law, malicious, malware, microsoft, risk, service, soc, threat, toolThe agentic edge: The financial services is often an early adopter of cutting-edge security technologies.Erin Rogers, SVP and director of cybersecurity risk and compliance at BOK Financial, tells CSO that AI-based upgrades are helping threat detection and response systems to autonomously analyze threats, make real-time decisions, and adapt responses, significantly improving early detection and mitigation.While…
-
CISOs grapple with the realities of applying AI to security functions
Tags: ai, automation, breach, business, ceo, ciso, compliance, cybersecurity, data, detection, email, endpoint, finance, governance, incident response, intelligence, law, malicious, malware, microsoft, risk, service, soc, threat, toolThe agentic edge: The financial services is often an early adopter of cutting-edge security technologies.Erin Rogers, SVP and director of cybersecurity risk and compliance at BOK Financial, tells CSO that AI-based upgrades are helping threat detection and response systems to autonomously analyze threats, make real-time decisions, and adapt responses, significantly improving early detection and mitigation.While…
-
Popular NPM Package ‘ctrl/tinycolor’ with 2M Weekly Downloads and 40+ Others Compromised in Supply Chain Attack
The NPM ecosystem is under attack once again, with a sophisticated supply chain compromise targeting the widely-used @ctrl/tinycolor package and over 40 other JavaScript packages. This latest incident represents a significant escalation in supply chain threats, featuring self-propagating malware that automatically spreads across the ecosystem. Diagram showing how phishing emails with malicious URLs or HTML…
-
Phishing campaign targets Rust developers
Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/15/phishing-campaign-targets-rust-developers/
-
Hackers steal private data of Gucci, Balenciaga and McQueen customers
Cybercriminals steal details of potentially millions of people in attack on labels’ parent company KeringHackers have stolen data from customers of the luxury fashion group Kering, whose brands include Gucci, Balenciaga and Alexander McQueen.Cyber-attackers have stolen data of potentially millions of customers, including the names, phone numbers and email addresses of customers of the fashion…
-
Samsung’s image library flaw opens a zero-click backdoor
Patch now or risk a backdoor: A September 2025 Release 1 patch addresses the flaw that affects devices running Android versions 13 through 16. “Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code,” Samsung said in the disclosure.For enterprises, CVE-2025-21043 is more than a personal device issueit…
-
DarkCloud Stealer Targets Financial Firms via Weaponized RAR Files
August 2025 saw a dramatic surge in targeted attacks by the DarkCloud Stealer against financial institutions worldwide. CyberProof’s MDR analysts and threat hunters identified a wave of phishing emails bearing malicious RAR archives designed to prey on Windows users. Once executed, these archives unleashed a multi”stage payload engineered to siphon login credentials from email clients,…
-
Security Affairs newsletter Round 541 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. FBI warns of Salesforce attacks by UNC6040 and UNC6395 groups HybridPetya ransomware bypasses UEFI Secure Boot…
-
A Cyberattack Victim Notification Framework
Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true identity of victims and may only have a single email address…
-
Malware Campaign Uses SVG Email Attachments to Deploy XWorm and Remcos RAT
Recent threat campaigns have revealed an evolving use of BAT-based loaders to deliver Remote Access Trojans (RATs), including XWorm and Remcos. These campaigns typically begin with a ZIP archive”, often hosted on seemingly legitimate platforms such as ImgKit”, designed to entice user interaction by mimicking benign content. Once opened, the archive unpacks a highly obfuscated…
-
Microsoft fixes Exchange Online outage affecting users worldwide
Microsoft says that it has mitigated an Exchange Online outage affecting customers worldwide, which blocked their access to emails and calendars. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-investigates-exchange-online-outage-in-north-america/
-
12 digital forensics certifications to accelerate your cyber career
Tags: access, apt, attack, browser, chrome, cloud, computer, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, email, endpoint, exploit, google, government, group, hacker, hacking, Hardware, incident response, international, jobs, law, malicious, malware, microsoft, mobile, network, phone, service, skills, soc, technology, threat, tool, training, windowsCellebrite Certified Mobile Examiner (CCME)Certified Computer Examiner (CCE)CyberSecurity Forensic Analyst (CSFA)EC-Council Computer Hacking Forensic Investigator (CHFI)EnCase Certified Examiner (EnCE)Exterro AccessData Certified Examiner (ACE)GIAC Advanced Smartphone Forensics Certification (GASF)GIAC Certified Forensics Analyst (GCFA)GIAC Certified Forensic Examiner (GCFE)GIAC Cloud Forensic Responder (GCFR)GIAC Network Forensic Analysis (GNFA)Magnet Certified Forensics Examiner (MCFE) Cellebrite Certified Mobile Examiner (CCME) Out of…