ChatGPT Targeted in Server-Side Data Theft Attack
OpenAI has fixed this zero-click attack method called ShadowLeak by researchers. The post ChatGPT Targeted in Server-Side Data Theft Attack appeared first on SecurityWeek.
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The company said it recently detected suspicious activity targeting the cloud backup service for firewalls, and that unknown threat actors accessed backup firewall preference files stored in theRead More »SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. “CountLoader is being used either as part of an Initial Access Broker’sRead More »CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Tiffany Data Breach Impacts Thousands of Customers
The high-end jewelry retailer is informing customers in the United States and Canada that hackers accessed information related to gift cards. The post Tiffany Data Breach Impacts Thousands of Customers appeared first on SecurityWeek.
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. “SilentSync is capable of remote command execution, file exfiltration, and screen capturing,” Zscaler ThreatLabz’s Manisha Ramcharan Prajapati and Satyam Singh said.Read More »SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
How CISOs Can Drive Effective AI Governance
AI’s growing role in enterprise environments has heightened the urgency for Chief Information Security Officers (CISOs) to drive effective AI governance. When it comes to any emerging technology, governance is hard – but effective governance is even harder. The first instinct for most organizations is to respond with rigid policies.Read More »How CISOs Can Drive Effective AI Governance
Threat Actor Infests Hotels With New RAT
RevengeHotels has been targeting hotels in Brazil and Spanish-speaking regions with VenomRAT implants in 2025. The post Threat Actor Infests Hotels With New RAT appeared first on SecurityWeek.
Time-of-Check Time-of-Use Attacks Against LLMs
This is a nice piece of research: “Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents“.: Abstract: Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection)Read More »Time-of-Check Time-of-Use Attacks Against LLMs
SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations
The company sent a new preferences file to less than 5% of customers, urging them to import it into firewalls and reset their passwords. The post SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations appeared first on SecurityWeek.
Nearly 250,000 Impacted by Data Breach at Medical Associates of Brevard
The BianLian ransomware group took credit for the cyberattack on the healthcare organization in January 2025. The post Nearly 250,000 Impacted by Data Breach at Medical Associates of Brevard appeared first on SecurityWeek.