Researchers Trick AI Browsers Into Leaking Credentials
LayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrails
Data leaks can expose passwords, personal records, and business secrets, enabling identity theft, fraud, extortion, and follow-on cyberattacks.
Search across headline titles and summaries.
Background for this topic.
Leak is the unauthorized disclosure or exposure of information to people or systems not meant to receive it. It may be deliberate or accidental and can involve personal data, credentials, API keys, source code, trade secrets, or internal documents. A leak can result from theft and publication, an employee sending data to the wrong recipient, or an exposed cloud storage bucket, database, log, repository, or backup. The term describes the exposure, not necessarily how attackers obtained it; reporting may refer to both confirmed disclosure and suspected exposure.
Security teams should establish what data was accessible, to whom, and for how long, while distinguishing evidence of access from mere exposure. Exposed passwords, tokens, and keys should be revoked or rotated quickly, and affected systems checked for reuse or further access. Personal or regulated data may trigger privacy and reporting obligations, while leaked proprietary material can require legal and threat-intelligence monitoring. Prevention includes least-privilege access, secret scanning, safe sharing controls, encryption where appropriate, and monitoring for misconfigured public resources.
Weekly headline count for the current query.
LayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrails
How the Anubis ransomware group stole and leaked an Italian Adriatic port authority's data
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally
ShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiate
A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory
The FBI has warned that Iranian hacking group Handala has been targeting opponents of the regime since 2023
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics
Ariomex database reveals potential sanctions evasion and capital transfers tied to Iranian actors
Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns
Ransomware victims surged in Q4 2025 despite fewer active extortion groups, with data leaks rising 50%, ReliaQuest researchers report
Nike is investigating after the World Leaks ransomware group posted a 1.4TB data dump
A database featuring 300,000+ users of notorious hacking forum BreachForums has been leaked online
Lack of visibility and governance around employees using generative AI is resulting in rise in data security risks
Data leaks have shed a new light on Intellexa’s flagship spyware infrastructure and attack vectors
The South Korean police are tracking the suspect behind a cyber-attack targeting e-commerce giant Coupang
A new study has revealed 65% of top AI firms have leaked sensitive data on GitHub, risking $400bn in assets
CrowdStrike data reveals a 13% annual increase in the number of European ransomware victims in 2025
Qilin ransomware activity has surged in late 2025, threatening data leaks via double extortion tactics
Lumma Stealer operators allegedly exposed in underground doxxing campaign, with sensitive details leaked by rival cybercriminals, according to Trend Micro