Advertisement

AI Agents Vulnerable to Data Leak via Poisoned MCP Tools
Microsoft warns that malicious tool descriptions for AI agents can lead to stealthy data exfiltration, bypassing security controls by mimicking routine actions.
Agentic AI Identity Problem: New Attack Surface for Enterprises
Agentic AI systems pose novel identity and access management challenges, creating new attack vectors for data exfiltration and privilege escalation.

China-Nexus Actor: Year-Long Espionage Against US Researchers
A China-nexus actor spied on US researchers for a year, stealing RedCAP credentials and exfiltrating sensitive data from numerous institutions, discovered by Google.

Microsoft 365 Copilot SearchLeak: One-Click Data Exfiltration
Varonis Threat Labs uncovered 'SearchLeak', a one-click flaw in Microsoft 365 Copilot Enterprise Search allowing exfiltration of emails, files, and MFA codes.
University of Nottingham Confirms Breach After ShinyHunters Data Leak
The University of Nottingham confirms a data breach after the ShinyHunters group leaked over 450,000 records, highlighting risks to academic data security.

OpenAI ChatGPT Lockdown Mode: Mitigating Prompt Injection Exfiltration
OpenAI introduces ChatGPT Lockdown Mode for personal accounts to prevent prompt injection attacks from exfiltrating sensitive data via external tools.
BlackFile: Analyzing UNC6671 Vishing & Cloud Data Extortion
Examines UNC6671's BlackFile vishing, AiTM, and cloud data exfiltration tactics against Microsoft 365 & Okta. Actionable mitigations included.
West Pharmaceutical Breach: Analysis of System Encryption
West Pharmaceutical Services confirms data exfiltration and system encryption in a major cyberattack. Learn about the impact and defense strategies.

Hugging Face Model Supply Chain Vulnerability: Tokenizer Hijacking
Attackers can weaponize Hugging Face AI models by manipulating tokenizer files, leading to model output hijacking and sensitive data exfiltration. Learn how to mitigate

Google Chrome ABE Bypass: Heightened Infostealer Threat
VoidStealer Trojan authors bypass Google Chrome's App-Bound Encryption (ABE), enabling infostealers to exfiltrate cookies and credentials from users.

Microsoft and Salesforce Patch Prompt Injection Flaws in AI Agents
Researchers identified prompt injection vulnerabilities in Microsoft Copilot and Salesforce Agentforce that could allow attackers to exfiltrate sensitive data.
Multi-Extortion Ransomware Tactics: A Deeper Dive
Analyze the evolution of multi-extortion ransomware, its reliance on data leaks, and strategies for mitigating the impact of exfiltrated data.