Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn AI agents can shop for you, program for you, and, if you're feeling bold, chat for you in a messaging app. But beware: attackers can use malicious prompts in chat to trick an AI agent into generating a data-leaking URL, which link previews may fetch automatically.…
AI goes off the rails … because of shoddy guardrails Researchers at Pen Test Partners found four flaws in Eurostar's public AI chatbot that, among other security issues, could allow an attacker to inject malicious HTML content or trick the bot into leaking system prompts. Their thank you from the company: being accused of "blackmail."…
Two-day exploit opened up 3.5 billion users to myriad potential harms Researchers in Austria used a flaw in WhatsApp to gather the personal data of more than 3.5 billion users in what they believe amounts to the "largest data leak in history."…
Research submitted to Parliament details deaths, raids, and mental trauma linked to 2022 relocation leak Research submitted to the UK Parliament has revealed explicit threats to life and the deaths of family members and colleagues directly linked to the Ministry of Defence's 2022 Afghan relocation scheme data breach.…
Vibe coding may have played a role in what took researchers months to fix Developers of VS Code extensions are leaking sensitive secrets left, right and center, according to researchers who worked with Microsoft to combat an issue that could have led to some nasty supply chain attacks.…
Plaintext transmissions, fixed MAC addresses, rotating 'unique' IDs, and more, make abuse easy Tile Bluetooth trackers leak identifying data in plain text, giving stalkers an easy way to track victims despite Life360's security promises, a group of Georgia Tech researchers warns.…
More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks.…
Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data ChatGPT's research assistant sprung a leak – since patched – that let attackers steal Gmail secrets with just a single carefully crafted email.…
MAPP program to blame? A week after Microsoft told the world that its July software updates didn't fully fix a couple of bugs, which allowed miscreants to take over on-premises SharePoint servers and remotely execute code, researchers have assembled much of the puzzle — with one big missing piece.…
ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit Researchers at ETH Zurich in Switzerland have found a way around Intel's defenses against Spectre, a family of data-leaking flaws in the x86 giant's processor designs that simply won't die.…
Researchers say there's dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data Hundreds of thousands of internal messages from the Black Basta ransomware gang were leaked by a Telegram user, prompting security researchers to bust out their best Russian translations post haste.…
Better check your widgets, people Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations.…
Beijing aimed research at immediate needs – like blocking leaks – while the US sought abstract knowledge China has an undeniable lead in quantum networking technology – a state of affairs that should give the US pause, despite its lead in quantum computing.…
Huawei is OK, but Xiaomi, OPPO, and Samsung are in strife. And Honor isn't living its name Many Chinese keyboard apps, some from major handset manufacturers, can leak keystrokes to determined snoopers, leaving perhaps three quarters of a billion people at risk according to research from the University of Toronto’s Citizen Lab.…
Also down under, researchers find security-cleared workers leaking details of their gigs An Australian IT contractor has been sentenced to 30 months jail for ripping off the National Maritime Museum.…
Advarra probes intrusion claims, says 'the matter is contained' Ransomware crooks claim they've stolen data from a firm that helps other organizations run medical trials after one of its executives had their cellphone number and accounts hijacked.…
Ransomware group nicked info from employee of airline, say researchers Aerospace giant Airbus has fallen victim to a data breach, thanks in part to the inattention of a third party.…
Kaspersky cracks the code, so get busy before the next update comes Good news for ransomware victims: Kaspersky security researchers say they've cracked the Conti ransomware code and released a decryptor tool after uncovering leaked data belonging to the notorious Russian crime group.…
POS and online ordering vendor StoreHub offered free Asian info takeaways Researchers at security product recommendation service Safety Detectives claim they’ve found almost a million customer records wide open on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub.…