More results...
Radware researchers revealed a service-side flaw in OpenAI’s ChatGPT. The ShadowLeak attack had used indirect prompt injection to bypass defences and leak sensitive data, but the issue has since been fixed.
Researchers have discovered a critical zero-click vulnerability in ChatGPT’s Deep Research agent that allows attackers to silently steal sensitive Gmail data without any user interaction. This sophisticated attack leverages service…
In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce insta…
A sophisticated voice phishing operation has emerged as a significant threat to organizations worldwide, with cybercriminals successfully infiltrating Salesforce environments to steal sensitive data and demand ransom payments. Google’s Threat Int…
A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online extortionists, and tried to stay off the radar of law enforcement by ensuring that their botnet was never pointed at KrebsOnSecurity.
A cybersecurity researcher has demonstrated how a carefully crafted Gmail message can trigger code execution through Claude Desktop, Anthropic’s AI assistant application, highlighting a new class of vulnerabilities in AI-powered systems that don&…
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.
Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords.
The post Russian Hackers Bypass Gmail MFA with App Specific Password Ruse appeared first on SecurityWeek.
A major supply chain security incident has rocked the Python open-source community as researchers at Socket’s Threat Research Team uncovered seven interconnected malicious packages published on the Python Package Index (PyPI). These packages Coff…
A sophisticated phishing attack exploiting a loophole in Google’s OAuth infrastructure has surfaced, raising significant concerns about the security of Gmail users worldwide. Security researcher Nick Johnson (@nicksdjohnson) recently shared details of …