#data-exfiltration

[ follow ]
#cybersecurity #prompt-injection #ransomware #malware #social-engineering #salesforce-agentforce
Information security
fromThe Hacker News
2 days ago

Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits

Three now-patched vulnerabilities in Google's Gemini AI could have allowed prompt and search-injection attacks and user data exfiltration across cloud services and browsing tools.
#salesforce-agentforce
more#salesforce-agentforce
Information security
fromThe Hacker News
6 days ago

Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions

Breach and Attack Simulation (BAS) performs real-world adversary crash tests to reveal security gaps that dashboards, logs, and compliance reports fail to expose.
#salesforce-breach
more#salesforce-breach
#salesforce
more#salesforce
Information security
fromThe Hacker News
1 week ago

ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent

A zero-click HTML prompt-injection (ShadowLeak) in ChatGPT Deep Research allowed exfiltration of Gmail inbox data via a single crafted email without user interaction.
#agentic-ai
more#agentic-ai
fromArs Technica
2 weeks ago

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

Accordingly, OpenAI mitigated the prompt-injection technique ShadowLeak fell to-but only after Radware privately alerted the LLM maker to it. A proof-of-concept attack that Radware published embedded a prompt injection into an email sent to a Gmail account that Deep Research had been given access to. The injection included instructions to scan received emails related to a company's human resources department for the names and addresses of employees. Deep Research dutifully followed those instructions.
Information security
Information security
fromTheregister
2 weeks ago

Scattered Spider gang feigns retirement, breaks into bank

Scattered Spider remains active and has shifted focus to the financial sector, conducting a targeted intrusion against a US bank.
Information security
fromSecurityWeek
2 weeks ago

ChatGPT's New Calendar Integration Can Be Abused to Steal Emails

A ChatGPT calendar integration using MCP can be abused via crafted invites to execute attacker commands and exfiltrate a user's email data without invite acceptance.
Information security
fromThe Hacker News
4 weeks ago

Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries

APT28 deployed an Outlook VBA backdoor called NotDoor that monitors emails for a trigger to exfiltrate data, upload files, execute commands, and persist via DLL side-loading.
Information security
fromIT Pro
4 weeks ago

Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacks

Stealerium infostealer has surged, exfiltrating credentials, crypto wallets, Wi‑Fi and VPN data via multiple channels and leveraging social‑engineering lures for global campaigns.
#ransomware
more#ransomware
Information security
fromThe Hacker News
1 month ago

Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks

Storm-0501 performs cloud-native data exfiltration, destroys backups, and extorts victims without traditional malware, targeting hybrid cloud and multi-tenant environments to escalate privileges and evade detection.
Information security
fromThe Hacker News
1 month ago

ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots

ShadowSilk conducts spear-phishing campaigns to exfiltrate data from government organizations across Central Asia and APAC, leveraging YoroTrooper-related tooling and bilingual operators.
Information security
fromThe Hacker News
1 month ago

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

Hackers breached Salesloft to steal Drift OAuth and refresh tokens, enabling exfiltration of Salesforce data and credentials from multiple corporate instances.
Information security
fromTheregister
1 month ago

'Screenshot-grabbing' Chrome VPN extension still available

A popular Chrome VPN extension secretly captured page screenshots and transmitted them to a remote server despite verified status and Chrome Web Store safeguards.
#cybersecurity
Information security
fromHackernoon
3 months ago

In the Blink of an LED, Secrets Slip Away: The Rise of Optical Data Theft | HackerNoon

Optical data exfiltration makes air-gapped systems vulnerable, relying on LEDs to transmit sensitive information covertly.
Growth hacking
fromThe Hacker News
3 months ago

Water Curse Hijacks 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

Introduction of a new threat actor, Water Curse, utilizing GitHub for malware distribution, targeting data exfiltration and persistent access.
fromHackernoon
3 months ago
Information security

In the Blink of an LED, Secrets Slip Away: The Rise of Optical Data Theft | HackerNoon

more#cybersecurity
fromIT Pro
2 months ago

Developers face a torrent of malware threats as malicious open source packages surge 188%

"Attackers are no longer simply experimenting with open source. The numbers are telling us that threat actors have identified data as the most profitable target, and developers as the easiest way in."
Privacy technologies
Node JS
fromThe Hacker News
5 months ago

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

A malicious campaign utilizes Node.js to distribute payloads that enable data theft, masquerading as cryptocurrency trading software.
LA Dodgers
fromTheregister
5 months ago

Whistleblower describes how DOGE tore through NLRB IT system

Whistleblower claims serious security breaches at NLRB due to DOGE's unrestricted data access.
[ Load more ]