Attackers Seize Exposed AI Endpoints to Power Offensive Ops
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. The post When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps appeared first on Microsoft Security Blog.
Database Misconfiguration Exposed 1.5 million API TokensA misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch.
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks
'Widespread Data Theft Campaign' Compromised Many Drift OAuth Tokens, Warn ExpertsThreat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for applications integrated with Salesloft's AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached.
Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks