Security news aggregator

Latest coverage for Data Exfiltration

Stay informed on data exfiltration threats. Protect sensitive information with the latest news and expert insights on prevention and response strategies.

85 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Data exfiltration is the covert or unauthorized transfer of sensitive information from an organization’s internal systems to an external destination controlled by an attacker. This technique often targets intellectual property, personal data, or credentials and can be executed via malware, compromised insiders, or misconfigured cloud services. Attackers may use encrypted channels, steganography, or legitimate protocols to evade detection.

Effective defense focuses on limiting data access through strict permissions, monitoring network traffic for unusual outbound flows, and deploying data loss prevention (DLP) tools that identify and block suspicious transfers. Endpoint detection and response (EDR) solutions can detect anomalous processes attempting exfiltration. Understanding typical data flows and establishing baseline behavior is crucial to spotting deviations that indicate exfiltration attempts.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 85

TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing attacks from initial access to data exfiltration.

Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage.  The root cause of slow MTTR is almost never "not enough analysts." It is almost always the same structural problem: threat intelligence that exists

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and  The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the

Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely

Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution

Agentic features open the door to data exfiltration or worse Feature With great power comes great vulnerability. Several new AI browsers, including OpenAI's Atlas, offer the ability to take actions on the user's behalf, such as opening web pages or even shopping. But these added capabilities create new attack vectors, particularly prompt injection.…

For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single largest uncontrolled channel for corporate data

Loading more headlines...