This week, ordinary digital tools turned into weapons: critical flaws in n8n, mass Android infections, AI prompt poaching, and global espionage show how small oversights can unleash cybercrime at scale.
A critical flaw in the widely used jsPDF library turned routine PDF generation into a security nightmare, enabling attackers to steal server data with a single document. Here’s how it happened—and why it matters.
A critical vulnerability in Apache Struts 2’s XWork component exposes countless Java web applications to data theft, denial-of-service, and network attacks. Here’s what you need to know and how to defend your systems.
Critical flaws in ChatGPT’s connector system and memory allowed attackers to siphon sensitive data from popular platforms like Gmail and GitHub. Learn how zero-click and persistent attacks turned AI productivity tools into silent data pipelines—and what was done to shut them down.
Two fake AI Chrome extensions, disguised as productivity tools, secretly stole private conversations and browsing data from 900,000 users—revealing the risks lurking in even trusted browser stores.
Over a million Chrome users unknowingly installed fake AI chat extensions that spied on their private and business conversations. The malicious add-ons, disguised with professional interfaces and even a Google Featured badge, used advanced techniques to steal sensitive data and send it to external servers every 30 minutes.
A major flaw in jsPDF’s Node.js builds lets attackers embed local files into PDFs, risking massive data breaches. Here’s what happened and how to defend your apps.
A single hacker used infostealer malware and stolen passwords to breach 50 major companies worldwide, exposing sensitive data due to basic security oversights like missing multi-factor authentication.
Three newly disclosed vulnerabilities in Coolify let attackers run arbitrary commands and steal SSH keys on over 52,000 exposed servers. Find out how these flaws work, the risks they pose, and what organizations must do to stay secure.
A pair of malicious Chrome extensions, disguised as AI productivity tools, siphoned private ChatGPT and DeepSeek conversations from nearly a million users—exposing sensitive business and personal data in a sophisticated cybercrime campaign.