EngageSDK Vulnerability puts millions of crypto wallets at risk
A newly disclosed vulnerability in the widely used Android library EngageSDK has raised serious concerns across the cryptocurrency ecosystem, potentially exp...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1041 — Exfiltration Over C2 Channel (Exfiltration)
Clear filter88 articles found
Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data
A high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE...
To counter cookie theft, Chrome ships device-bound session credentials
Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attack...
Over 300K Americans compromised in Eurail breach
Eurail B.V.
The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences
A hacker allegedly stole 10+ PB of sensitive military and aerospace data from China’s National Supercomputing Center, risking national security. A massive al...
China’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data Theft
A threat actor has allegedly executed one of the largest data heists in China’s history, siphoning an astounding 10 petabytes of highly classified informatio...
Over 21K Wynn Resorts employees affected by breach
Major luxury hotel and casino operator Wynn Resorts had information from 21,775 of its employees exfiltrated in a ShinyHunters-claimed attack, which was init...
Cracks in the Bedrock: Agent God Mode
Unit 42 reveals "Agent God Mode" in Amazon Bedrock AgentCore. Broad IAM permissions lead to privilege escalation and data exfiltration risks.
Two prominent Egyptian journalists targeted with elaborate spearphishing campaign
Digital civil rights nonprofit Access Now released a report on the findings with the mobile security company Lookout on Wednesday, saying they saw evidence t...
SaaS integration breach leads to widespread data theft attacks
Snowflake confirmed unusual activity impacting a small number of its customers, stating the attacks did not exploit vulnerabilities in its own systems.
IBM Security Verify Access Flaws Let Remote Attackers Access Sensitive Data
IBM has issued an urgent security bulletin addressing a slew of vulnerabilities impacting IBM Verify Identity Access and IBM Security Verify Access. These fl...
Malicious PyPI package enables Claude prompt, data compromise
Malicious PyPI package enables Claude prompt, data compromise GBHackers News reports that threat actors have been distributing the illicit PyPI package 'herm...
Palo Alto weaponizes Vertex AI agents as double agents
Palo Alto Networks researchers demonstrated how AI agents built on Google Cloud's Vertex AI platform could be compromised and turned into double agents, enab...
Snowflake customers hit in data theft attacks after SaaS integrator breach
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. [.
GrafanaGhost Vulnerability Allows Data Theft via AI Injection
GrafanaGhost is a critical vulnerability in Grafana’s AI components that uses indirect prompt injection and protocol-relative URL bypasses to exfiltrate data.
Uffizi Galleries cyberattack: Data stolen, backups restore archive
Hackers targeted the Uffizi Galleries in February 2026, allegedly stealing the museum's entire photographic archive.
GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration
GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data
Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa
China-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Sto...
Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published
Cybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmi...
Zero‑click Grafana AI attack can enable enterprise data exfiltration
Indirect prompt injection is possible on AI-powered dashboards, allowing exfiltration of sensitive enterprise data without user authentication. Security rese...