Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.
Check Point says outbound controls blocked web traffic but overlooked DNS OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed.…
Also: EU Bans AI Tools, Notepad++ Secures Updater, Apple Patches iOS Zero-DayThis week, Cambodia shuttered 200 scam centers. EU Parliament banned AI tools. Canada Goose disputed a ShinyHunters leak. Notepad++ patched an updater flaw. Apple fixed a decades-old iOS zero-day. BeyondTrust and Dell patched critical flaws under active exploitation.
A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. [...]
A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. [...]
PLUS: Veeam patches critical vuln; Crims bribing dark web insiders; UK school takedown; And more infosec in brief Meta has fixed a flaw in its Instagram service that allowed third parties to generate password reset emails, but denied the problem led to theft of users’ personal information.…
Instagram says it fixed a bug that allowed threat actors to mass-request password reset emails, amid claims that data from more than 17 million Instagram accounts was scraped and leaked online. [...]
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. [...]
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. [...]
Plaintext transmissions, fixed MAC addresses, rotating 'unique' IDs, and more, make abuse easy Tile Bluetooth trackers leak identifying data in plain text, giving stalkers an easy way to track victims despite Life360's security promises, a group of Georgia Tech researchers warns.…
More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks.…
Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's machine, and run arbitrary code.…
Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target's device and leak sensitive user data. [...]
Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. [...]
ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. [...]
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.
Unverified users could scoop up data on high-value individuals without any form of verification process Neighbourhood Watch (NW) groups across the UK can now rest easy knowing the developers behind a communications platform fixed a web app bug that leaked their data en masse.…
High-profile individuals including MPs said to be caught up in leak Exclusive Taxi software biz iCabbi recently fixed an issue that exposed the personal information of nearly 300,000 individuals via an unprotected database.…
ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Infosec in brief If your Windows domain controllers have been crashing since a security update was installed earlier this month, there's no longer any need to speculate why: Microsoft has admitted it introduced a memory leak in its March patches and fixed the issue.…
Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface). [...]