Tag: leak
-
ShadowLeak Exploit Exposed Gmail Data Through ChatGPT Agent
Radware researchers revealed a service-side flaw in OpenAI’s ChatGPT. The ShadowLeak attack had used indirect prompt injection to bypass defences and leak sensitive data, but the issue has since been fixed. First seen on hackread.com Jump to article: hackread.com/shadowleak-exploit-exposed-gmail-data-chatgpt-agent/
-
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT’s Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without any user action. The new class of attack has been codenamed ShadowLeak by Radware. Following responsible disclosure on June 18, 2025, the issue was addressed by…
-
New Ransomware Group Yurei: Open-Source Code Facilitates Worldwide Attacks
Check Point Software Technologies warns of a new ransomware threat called Yurei, a term from Japanese folklore for restless spirits. Check Point Research first discovered the group on September 5, 2025. Within its first week, Yurei was already able to list three companies on its darknet leak site: Sri Lanka: A food manufacturer was compromised as the first victim.…
-
How Top CISOs Approach Exposure Management in the Context of Managing Cyber Risk
Tags: ai, attack, best-practice, business, ciso, control, cvss, cyber, cybersecurity, data, framework, group, intelligence, leak, metric, monitoring, risk, software, strategy, threat, update, vulnerability, vulnerability-management
Wondering what your peers think of exposure management? New reports from the Exposure Management Leadership Council, a CISO working group sponsored by Tenable, offer insights. Key takeaways: The CISOs who make up the Exposure Management Leadership Council see exposure management as a strategic and game-changing approach to unified proactive security. They believe exposure management can…
-
BMW Reportedly Hit by Everest Ransomware, Internal Files Stolen
The Everest ransomware group has claimed a major breach at Bayerische Motoren Werke AG (BMW), alleging the theft of 600,000 lines of sensitive internal documents. The group has posted BMW on its leak site, complete with a countdown timer and instructions that threaten to make the stolen audit reports, financial records, and engineering files public…
-
1 in 3 Android Apps Leak Sensitive Data
One third of Android apps and over half of iOS apps shown to be leaking insecure APIs and hardcoded secrets. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-apps-leak-sensitive-data/
-
SonicWall Advises Users to Reset Logins After Config Backup Leak
SonicWall has alerted its customers to reset all login credentials after a recent leak exposed firewall configuration backups. The vendor emphasizes three critical stages (containment, remediation, and monitoring) to minimize risk and restore secure access. Users should follow each stage in order, beginning with containment to block further exposure, proceeding to remediation to reset passwords…
-
Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source
Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian’s Bring Your Own Source initiative. Learn to set up real-time scanning to prevent credential leaks, enhance compliance, and secure your entire CI/CD pipeline from hidden risks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/detect-secrets-in-gitlab-ci-logs-using-ggshield-and-bring-your-own-source/
-
Microsoft OneDrive Auto-Sync Flaw Leaks Enterprise Secrets from SharePoint Online
A new report from Entro Labs reveals that one in five exposed secrets in large organizations can be traced back to SharePoint. Rather than a flaw in SharePoint itself, the real culprit is a simple convenience feature: OneDrive’s default auto-sync. When OneDrive silently backs up key folders like Desktop and Documents to SharePoint Online, it…
-
Threat Actors and Code Assistants: The Hidden Risks of Backdoor Injections
AI code assistants integrated into IDEs, like GitHub Copilot, offer powerful chat, auto-completion, and test-generation features. However, threat actors and careless users can exploit these capabilities to inject backdoors, leak sensitive data, and produce harmful code. Indirect prompt injection attacks exploit context-attachment features by contaminating public data sources with hidden instructions. When unsuspecting developers feed…
-
Over 500GB of Sensitive Great Firewall of China Data Leaked Online
A massive data breach has exposed the inner workings of China’s internet censorship system, with over 500GB of sensitive documents from the Great Firewall of China (GFW) leaked online on September 11, 2025. This represents the largest leak of internal GFW documents in history, providing unprecedented insight into China’s digital surveillance apparatus. Breach Origins The…
-
ShinyHunters Attacked Vietnam’s Financial System – CIC Data Leak
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/shinyhunters-attacked-vietnams-financial-system-cic-data-leak
-
600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet
Hackers leaked 600 GB of data linked to the Great Firewall of China, exposing documents, code, and operations… First seen on hackread.com Jump to article: hackread.com/great-firewall-of-china-data-published-largest-leak/
-
How Everyday Apps Leak More Data Than You Realize
Most mobile apps silently leak personal data to third parties, even trusted ones. From trackers in Google Play apps to high-profile breaches like Strava and British Airways, app data leakage is a growing privacy risk. Learn why apps leak data and how to protect yourself. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/how-everyday-apps-leak-more-data-than-you-realize/
-
Vyro AI Leak Reveals Poor Cyber Hygiene
The data leak underscores the larger issue of proprietary or sensitive data being shared with GenAI by users who should know better. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/vyro-ai-leak-cyber-hygiene
-
How China’s Propaganda and Surveillance Systems Really Operate
A series of corporate leaks show that Chinese technology companies function far more like their Western peers than one might imagine. First seen on wired.com Jump to article: www.wired.com/story/made-in-china-how-chinas-surveillance-industry-actually-works/
-
Palo Alto Exposes Passwords in Plain Text
Palo Alto’s CVE-2025-4235 leaks service passwords, demanding urgent patching and resets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/palo-alto-exposes-passwords-in-plain-text-cve-2025-4235/
-
Palo Alto Exposes Passwords in Plain Text CVE-2025-4235
Palo Alto’s CVE-2025-4235 leaks service passwords, demanding urgent patching and resets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/palo-alto-exposes-passwords-in-plain-text-cve-2025-4235/
-
Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets
AMD Zen hardware and Intel Coffee Lake affected First seen on theregister.com Jump to article: www.theregister.com/2025/09/11/vmscape_spectre_vulnerability/
-
New VMScape attack breaks guest-host isolation on AMD, Intel CPUs
A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-vmscape-attack-breaks-guest-host-isolation-on-amd-intel-cpus/
-
Palo Alto Networks User-ID Agent Flaw Leaks Passwords in Cleartext
Tags: credentials, cve, cvss, cyber, data-breach, flaw, leak, network, password, service, vulnerability, windows
A newly disclosed vulnerability in the Palo Alto Networks User-ID Credential Agent on Windows systems allows service account passwords to be exposed in cleartext under certain non-default configurations. Tracked as CVE-2025-4235, the flaw carries a CVSS base score of 4.2 (Medium) and has been assigned a Moderate urgency level. Palo Alto Networks released details and…
-
Hello Gym Data Leak Exposes 1.6 Million Audio Files of Gym Members
An unsecured database managed by Hello Gym has exposed over 1.6 million audio recordings of gym members. Learn… First seen on hackread.com Jump to article: hackread.com/hello-gym-data-leak-audio-files-of-gym-members/
-
KillSec Ransomware is Attacking Healthcare Institutions in Brazil
KillSec Ransomware claimed responsibility for a cyberattack on MedicSolution, a software solutions provider for the healthcare industry in Brazil. The KillSec Ransomware group has threatened to leak sensitive data unless negotiations are initiated promptly. According to threat intelligence reporting by Resecurity, the root cause of the incident was data exfiltration from an insecure AWS S3 bucket.…
-
Garak: Open-source LLM vulnerability scanner
LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/garak-open-source-llm-vulnerability-scanner/
-
Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World
Geedge Networks, a company with ties to the founder of China’s mass censorship infrastructure, is selling its censorship and surveillance systems to at least four other countries in Asia and Africa. First seen on wired.com Jump to article: www.wired.com/story/geedge-networks-mass-censorship-leak/

