Data Leak
New AI attack hides data-theft prompts in downscaled images
Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before delivering them to a large language model. The method relies on full-resolution images that carry instructions invisible to the human eye but become apparent when the image quality is lowered through resampling algorithms. Developed […]
North Korean Kimsuky hackers exposed in alleged data breach
The North Korean state-sponsored hackers known as Kimsuky has reportedly suffered a data breach after two hackers, who describe themselves as the opposite of Kimsuky’s values, stole the group’s data and leaked it publicly online. The two hackers, named ‘Saber’ and ‘cyb0rg,’ cited ethical reasons for their actions, saying Kimsuky is “hacking for all the wrong reasons,” claiming they’re […]
Tea app leak worsens with second database exposing user chats
The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app’s members. The Tea app is a women-only dating safety platform where members can share reviews about men, with […]
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. TCC is a security technology and a privacy framework that blocks apps from accessing private user data by providing macOS control over how their data is accessed and […]
France’s warship builder Naval Group investigates 1TB data breach
France’s state-owned defense firm Naval Group is investigating a cyberattack after 1TB of allegedly stolen data was leaked on a hacking forum. The company characterized this as a “destabilization attempt” and a “reputational attack,” to which it has responded by filing a complaint to protect its client’s data. Meanwhile, Naval Group is investigating with the […]
New ServiceNow flaw lets attackers enumerate restricted data
A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access. ServiceNow is a cloud-based platform that enables organizations to manage digital workflows for their enterprise operations. It is widely adopted across various industries, including public sector organizations, healthcare, financial institutions, and large […]
IdeaLab confirms data stolen in ransomware attack last year
IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information. Although the organization does not describe the type of attack, the Hunters International ransomware group has claimed the breach and leaked the stolen data on the dark web. IdeaLab is a California-based technology startup incubator that since 1996 has […]
Switzerland says government data stolen in ransomware attack
The government in Switzerland is informing that sensitive information from various federal offices has been impacted by a ransomware attack at the third-party organization Radix. The hackers have stolen data from Radix systems and later leaked it on the dark web, the Swiss government says. The exposed data is being analyzed with the help of the […]
Asana warns MCP AI feature exposed customer data to other orgs
Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa. The data exposure was due to a logic flaw in the MCP system and not the result of a hack, […]
Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot
A new attack dubbed ‘EchoLeak’ is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user’s context without interaction. The attack was devised by Aim Labs researchers in January 2025, who reported their findings to Microsoft. The tech giant assigned the CVE-2025-32711 identifier to the information disclosure flaw, rating […]