The integration of AI assistants into everyday software is turning familiar vulnerabilities into high-impact threats. Learn how a recent Excel exploit shows that every old bug can now trigger AI-powered data breaches.
Capsule Security, a Tel Aviv-based startup, has raised $7 million to launch a platform that continuously monitors and intervenes in the behavior of AI agents, aiming to close the security gap in enterprise environments.
A state-linked threat group executed a sweeping, multi-phase cyber operation across the Middle East, scanning over 12,000 systems and exploiting new vulnerabilities to steal sensitive data from aviation and energy sectors. Technical evidence points to MuddyWater-style tactics and evolving state-aligned cyber warfare.
Dragonforce has claimed responsibility for ransomware attacks on Million Dollar Baby Co. and a string of other industry leaders. This feature investigates the scope of the breaches, the tactics used, and the growing threat ransomware poses to businesses of all sizes.
Hermes-px, a malicious PyPI package disguised as an AI proxy, secretly logged user data, stole confidential AI prompts, and exposed real IP addresses, demonstrating the rising sophistication of software supply chain threats.
The GrafanaGhost vulnerability allows hackers to exfiltrate sensitive data from Grafana dashboards using AI manipulation, all without user awareness. Learn how this silent exploit works and why it signals a shift in cybersecurity challenges.
GrafanaGhost is a stealthy vulnerability in Grafana’s AI analytics engine that enables attackers to exfiltrate sensitive enterprise data with zero user interaction. By chaining prompt injection and image URL validation flaws, threat actors can turn trusted dashboards into covert data leak tools—highlighting new risks in the age of AI-driven analytics.
Anthropic’s Claude Code AI assistant suffered a major security lapse, allowing hackers to bypass user-defined protections by exploiting a hidden parser limit. Here’s how the flaw exposed sensitive data and what developers should do now.
A seemingly trustworthy AI proxy library on PyPI, hermes-px, was actually a sophisticated Trojan. It hijacked a university’s private AI service, injected stolen Anthropic Claude prompts, and sent users’ conversations straight to a cybercriminal’s database. Learn how this attack unfolded and what it means for open-source security.
A compromised software update enabled hackers to steal 340GB of sensitive data from the European Commission’s cloud, impacting dozens of EU organizations and exposing critical supply chain vulnerabilities.