Tag: leak

CYFIRMA FireTail: Working Together for Complete Visibility and Robust API Security FireTail Blog

Nov 11, 2025 2:20 PM

Tags: ai, api, attack, cloud, cyber, data, detection, intelligence, leak, ml, open-source, risk, saas, threat, vulnerability

Nov 11, 2025 – Alan Fagan – CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients…
CYFIRMA FireTail: Working Together for Complete Visibility and Robust API Security FireTail Blog

Nov 11, 2025 2:20 PM

Tags: ai, api, attack, cloud, cyber, data, detection, intelligence, leak, ml, open-source, risk, saas, threat, vulnerability

Nov 11, 2025 – Alan Fagan – CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients…
IDOR Attacks and the Growing Threat to Your API Security FireTail Blog

Nov 11, 2025 12:20 PM

Tags: access, advisory, api, attack, authentication, banking, best-practice, breach, business, cisa, cloud, cyber, cybersecurity, data, data-breach, detection, email, endpoint, exploit, finance, group, hacker, identity, india, infrastructure, insurance, leak, office, open-source, risk, strategy, theft, threat, unauthorized, vulnerability

Nov 11, 2025 – Jeremy Snyder – IDOR Attacks: Common And Deadly IDOR attacks, or Insecure Direct Object Reference (IDOR) attacks, are one of the most common and costly forms of API breach. In an IDOR attack, hackers directly reference internal objects in a web application that uses APIs1. IDOR attacks specific to APIs consist…
AI startups leak sensitive credentials on GitHub, exposing models and training data

Nov 11, 2025 12:20 PM

Tags: ai, api, attack, compliance, credentials, cybersecurity, data, data-breach, framework, github, governance, leak, startup, training

Compliance and governance: The Wiz findings highlight how exposed API keys can escalate into full-scale compromises across AI ecosystems, according to Sakshi Grover, senior research manager for IDC Asia Pacific Cybersecurity Services. “Stolen credentials can be used to manipulate model behavior or extract training data, undermining trust in deployed systems.”Grover noted that such exposures are…
IDOR Attacks and the Growing Threat to Your API Security FireTail Blog

Nov 11, 2025 12:20 PM

Tags: access, advisory, api, attack, authentication, banking, best-practice, breach, business, cisa, cloud, cyber, cybersecurity, data, data-breach, detection, email, endpoint, exploit, finance, group, hacker, identity, india, infrastructure, insurance, leak, office, open-source, risk, strategy, theft, threat, unauthorized, vulnerability

Nov 11, 2025 – Jeremy Snyder – IDOR Attacks: Common And Deadly IDOR attacks, or Insecure Direct Object Reference (IDOR) attacks, are one of the most common and costly forms of API breach. In an IDOR attack, hackers directly reference internal objects in a web application that uses APIs1. IDOR attacks specific to APIs consist…
Leaks auf Github: Top-KI-Unternehmen haben ihre Keys nicht im Griff

Nov 11, 2025 11:20 AM

Tags: ai, github, leak

Forscher haben auf Github allerhand private Schlüssel, Tokens und weitere Anmeldedaten von einem Großteil der Forbes AI 50 entdeckt. First seen on golem.de Jump to article: www.golem.de/news/leaks-auf-github-viele-top-ki-unternehmen-haben-ihre-keys-nicht-im-griff-2511-202054.html
65% of Leading AI Companies Found With Verified Secrets Leaks

Nov 10, 2025 6:19 PM

Tags: ai, data, data-breach, github, leak

A new study has revealed 65% of top AI firms have leaked sensitive data on GitHub, risking $400bn in assets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/leading-ai-companies-secret-leaks/
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations

Nov 10, 2025 2:19 PM

Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpn

Inside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations

Nov 10, 2025 2:19 PM

Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpn

Inside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations

Nov 10, 2025 2:19 PM

Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpn

Inside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations

Nov 10, 2025 2:19 PM

Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpn

Inside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
âš¡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More

Nov 10, 2025 2:19 PM

Tags: ai, android, cyber, cybercrime, exploit, group, leak, malicious, malware, side-channel, spyware, threat

Cyber threats didn’t slow down last week”, and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild.But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear…
âš¡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More

Nov 10, 2025 2:19 PM

Tags: ai, android, cyber, cybercrime, exploit, group, leak, malicious, malware, side-channel, spyware, threat

Cyber threats didn’t slow down last week”, and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild.But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear…
âš¡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More

Nov 10, 2025 2:19 PM

Tags: ai, android, cyber, cybercrime, exploit, group, leak, malicious, malware, side-channel, spyware, threat

Cyber threats didn’t slow down last week”, and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild.But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear…
Researchers trick ChatGPT into prompt injecting itself

Nov 10, 2025 11:22 AM

Tags: attack, chatgpt, data, endpoint, injection, leak, LLM, malicious, monitoring, openai, phishing, unauthorized, vulnerability

Conversation injection and stealthy data exfiltration: Because ChatGPT receives output from SearchGPT after the search model processes content, Tenable’s researchers wondered what would happen if SearchGPT’s response itself contained a prompt injection. In other words, could they use a website to inject a prompt that instructs SearchGPT to inject a different prompt into ChatGPT, effectively…
Data Leak Exposes Chinese State-Sponsored Cyber Arsenal and Target Database

Nov 10, 2025 8:19 AM

Tags: breach, china, cyber, cybersecurity, data, data-breach, government, hacking, international, leak, theft, tool

In early November 2025, a massive data breach at Knownsec, a prominent Chinese cybersecurity firm with government ties, sent shockwaves through the international security community. The incident, reported on November 2, resulted in the theft of over 12,000 classified documents exposing sophisticated state-sponsored cyber weapons, internal hacking tools, and a comprehensive global target list spanning…
Data Leak Exposes Chinese State-Sponsored Cyber Arsenal and Target Database

Nov 10, 2025 8:19 AM

Tags: breach, china, cyber, cybersecurity, data, data-breach, government, hacking, international, leak, theft, tool

In early November 2025, a massive data breach at Knownsec, a prominent Chinese cybersecurity firm with government ties, sent shockwaves through the international security community. The incident, reported on November 2, resulted in the theft of over 12,000 classified documents exposing sophisticated state-sponsored cyber weapons, internal hacking tools, and a comprehensive global target list spanning…
Data Leak Exposes Chinese State-Sponsored Cyber Arsenal and Target Database

Nov 10, 2025 8:19 AM

Tags: breach, china, cyber, cybersecurity, data, data-breach, government, hacking, international, leak, theft, tool

In early November 2025, a massive data breach at Knownsec, a prominent Chinese cybersecurity firm with government ties, sent shockwaves through the international security community. The incident, reported on November 2, resulted in the theft of over 12,000 classified documents exposing sophisticated state-sponsored cyber weapons, internal hacking tools, and a comprehensive global target list spanning…
AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

Nov 9, 2025 6:20 PM

Tags: ai, attack, data, encryption, leak, microsoft, network, privacy, risk, side-channel

Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack called Whisper Leak, which lets attackers who can monitor network traffic infer what users discuss with remote language models, even when the data is encrypted. The company warned that…
Microsoft findet Seitenkanalangriff Whisper-Leak in LLMs

Nov 9, 2025 2:19 PM

Tags: ai, leak, LLM, microsoft

Sicherheitsforscher haben eine neue Whisper-Leaks genannte Methode entdeckt, um einen Seitenkanalangriff auf die Kommunikation mit Sprachmodellen im Streaming-Modus durchzuführen. Durch geschicktes Ausnutzung von Netzwerkpaketgrößen und -timings könnten Informationen abgezogen werden. Mit der KI-Welle werden immer häufiger große Sprachmodelle (LLMs), KI-gestützte … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/09/microsoft-findet-seitenkanalangriff-whisper-leak-in-llms/
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic

Nov 8, 2025 4:19 PM

Tags: ai, attack, data, encryption, leak, microsoft, network, risk, side-channel

Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model”¯conversation”¯topics despite encryption protections under certain circumstances.This leakage of data exchanged between humans and”¯streaming-mode language models could pose serious risks to First seen on thehackernews.com Jump…
LLM08: Vector Embedding Weaknesses FireTail Blog

Nov 8, 2025 5:20 AM

Tags: access, ai, attack, authentication, control, cyber, data, governance, injection, leak, LLM, risk, unauthorized, vulnerability

Nov 07, 2025 – – In 2025, with the rise of AI, we’ve seen a parallel rise in cyber risks. The OWASP Top 10 for LLM helps us categorize and understand the biggest risks we are seeing in today’s landscape. In previous blogs, we’ve gone over risks 1-7. Today, we’re covering #8: Vector and Embedding…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Leak confirms Google Gemini 3 Pro and Nano Banana 2 could launch soon

Nov 7, 2025 2:20 PM

Tags: google, leak

Google is planning to ship two new models. One is Gemini 3, which is optimised for coding and regular use, and the second is Nano Banano 2 for generating realistic images. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-google-gemini-3-pro-and-nano-banana-2-could-launch-soon/
Leak confirms Google Gemini 3 Pro and Nano Banana 2 could launch soon

Nov 7, 2025 2:20 PM

Tags: google, leak

Google is planning to ship two new models. One is Gemini 3, which is optimised for coding and regular use, and the second is Nano Banano 2 for generating realistic images. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-google-gemini-3-pro-and-nano-banana-2-could-launch-soon/
New Analysis Reveals LockBit 5.0’s Core Features and Dual-Stage Attack Model

Nov 7, 2025 1:19 PM

Tags: attack, cyber, group, international, law, leak, lockbit, ransomware, service, update

LockBit has remained one of the most dominant ransomware-as-a-service (RaaS) groups in the world since its emergence as ABCD ransomware in 2019 and official launch as LockBit in 2020. Despite high-profile setbacks including international law enforcement takedowns in early 2024 and a damaging affiliate panel leak in May 2025 the group continues to update its…
New Analysis Reveals LockBit 5.0’s Core Features and Dual-Stage Attack Model

Nov 7, 2025 1:19 PM

Tags: attack, cyber, group, international, law, leak, lockbit, ransomware, service, update

LockBit has remained one of the most dominant ransomware-as-a-service (RaaS) groups in the world since its emergence as ABCD ransomware in 2019 and official launch as LockBit in 2020. Despite high-profile setbacks including international law enforcement takedowns in early 2024 and a damaging affiliate panel leak in May 2025 the group continues to update its…
New Analysis Reveals LockBit 5.0’s Core Features and Dual-Stage Attack Model

Nov 7, 2025 1:19 PM

Tags: attack, cyber, group, international, law, leak, lockbit, ransomware, service, update

LockBit has remained one of the most dominant ransomware-as-a-service (RaaS) groups in the world since its emergence as ABCD ransomware in 2019 and official launch as LockBit in 2020. Despite high-profile setbacks including international law enforcement takedowns in early 2024 and a damaging affiliate panel leak in May 2025 the group continues to update its…
Clop Ransomware group claims the breach of The Washington Post

Nov 7, 2025 12:19 AM

Tags: breach, cybercrime, data, group, leak, ransomware

The Clop Ransomware group claims the breach of The Washington Post and added the Americandaily newspaperto its Tor data leak site. The Clop Ransomware group announced the hack of the prestigious Americandaily newspaper The Washington Post. The cybercrime group created a page for the university on its Tor data leak site and announced it will…