Tag

Data Exfiltration

All articles tagged with #data exfiltration

BeyondTrust Flaw Sparks Global Web Shell Campaigns and Data Theft
security · 5 days ago

Threat actors are exploiting CVE-2026-1731 in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) to run OS commands, deploy web shells and backdoors, establish C2, and exfiltrate data from organizations across sectors worldwide. Unit 42 reports the use of a thin-scc-wrapper over WebSocket to execute commands in the context of the site user, which effectively hands the attacker control of the appliance and the traffic it brokers. Observed campaigns deploy PHP backdoors, VShell, a bash dropper, and Spark RAT, followed by staged exfiltration of configuration files, internal databases, and PostgreSQL dumps. The activity echoes the earlier exploitation of CVE-2024-12356 in the same products, and CISA's KEV catalog lists the flaw as used in ransomware operations.

Coordinated Chrome Extensions Hijack Affiliate Links and Loot ChatGPT Tokens
technology · 26 days ago

Security researchers uncovered a coordinated campaign of 29 Chrome extensions that covertly inject affiliate tags into product URLs on major retailers (Amazon, AliExpress, Best Buy, Shein, Shopify, Walmart), diverting commissions and scraping browsing data. A separate set of 16 extensions targets ChatGPT by injecting scripts into chatgpt.com to steal authentication tokens, giving the operators access to users' conversations and data. The findings also reference a malware-as-a-service kit called Stanley that could help attackers generate extensions capable of bypassing Google's vetting, underscoring malicious browser extensions as a growing attack surface.
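The affiliate-tag rewrite described above, together with a check for it, as an added Python example that is not part of the report or of any of the extensions it describes. `inject_affiliate_param` models what a hijacking extension does to a product link (Amazon's `tag` query parameter is the real Associates tag parameter; the tag values, the sample URLs and the hostnames in `RETAILER_HOSTS` are constructed for the example). `audit_navigation` diffs the link a page rendered against the URL the browser actually requested, which is the comparison a defender with real browsing telemetry, or a retailer's anti-fraud team, can make to spot extensions that tamper with clicks.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Retailers named in the report, as a constructed allow-list of hostnames for the check.
RETAILER_HOSTS = {
    "www.amazon.com", "www.aliexpress.com", "www.bestbuy.com",
    "us.shein.com", "www.walmart.com",
}


def inject_affiliate_param(url: str, param: str, value: str) -> str:
    """Model of the rewrite a hijacking extension performs on a product link:
    strip any existing affiliate parameter and append the attacker's own."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != param]
    query.append((param, value))
    return urlunsplit(parts._replace(query=urlencode(query)))


def query_diff(rendered_href: str, navigated_url: str) -> dict:
    """Diff the query string of the link the page served against the URL the
    browser actually requested. Parameters the page never put there were injected."""
    before = dict(parse_qsl(urlsplit(rendered_href).query, keep_blank_values=True))
    after = dict(parse_qsl(urlsplit(navigated_url).query, keep_blank_values=True))
    return {
        "added": {k: after[k] for k in after.keys() - before.keys()},
        "changed": {k: (before[k], after[k]) for k in before.keys() & after.keys()
                    if before[k] != after[k]},
        "removed": sorted(before.keys() - after.keys()),
    }


def audit_navigation(rendered_href: str, navigated_url: str) -> list:
    """Findings for one click on a retailer link: a changed host, or a query
    string that gained, lost or altered parameters between the page and the
    request. An empty list means the click was left alone."""
    findings = []
    src_host = (urlsplit(rendered_href).hostname or "").lower()
    dst_host = (urlsplit(navigated_url).hostname or "").lower()
    if src_host not in RETAILER_HOSTS:
        return findings  # only product links on the listed retailers are in scope
    if src_host != dst_host:
        findings.append(f"host changed: {src_host} -> {dst_host}")
    diff = query_diff(rendered_href, navigated_url)
    for k, v in diff["added"].items():
        findings.append(f"param injected: {k}={v}")
    for k, (old, new) in diff["changed"].items():
        findings.append(f"param replaced: {k}={old} -> {new}")
    for k in diff["removed"]:
        findings.append(f"param stripped: {k}")
    return findings


if __name__ == "__main__":
    link = "https://www.amazon.com/dp/B000000000?tag=creator-20"   # constructed product link
    clicked = inject_affiliate_param(link, "tag", "hijacker-20")   # what the extension requests
    for line in audit_navigation(link, clicked):
        print(line)
```

The diff is deliberately parameter-agnostic: it does not need to know each retailer's affiliate parameter name, because any parameter the page did not render is suspect, and a creator's legitimate tag being silently swapped shows up as a replacement rather than an addition.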

Malicious AI Extensions for VS Code Steal Code and Report to China
technology · 29 days ago

Security researchers uncovered two VS Code extensions marketed as AI coding assistants, ChatGPT-中文版 and ChatMoss, that secretly send every opened file and its edits to China-based servers; together they have about 1.5 million installs. The same spyware module runs in both extensions and can exfiltrate up to 50 files on command, and a hidden iframe loads Chinese analytics SDKs for device fingerprinting. The report also highlights six zero-day flaws in JavaScript package managers (PackageGate) affecting npm, pnpm, vlt, and Bun, which npm has declined to fix; the guidance is to vet packages, disable lifecycle scripts, and enforce strong token hygiene and 2FA to protect the software supply chain.

Prompt-Injected Invites Expose Private Calendar Data Through Google Gemini
security · 1 month ago

Security researchers disclosed a flaw in Google Gemini in which a crafted calendar invite carries an indirect prompt injection: when Gemini processes the invite, it summarizes the user's private meeting data and exfiltrates it by creating a new calendar event that the attacker can see. The finding highlights the attack surface that AI assistants add and the need for stronger guardrails and identity controls across AI workflows.

Single-click prompt exploit drains Copilot Personal data in stealthy stages
technology · 1 month ago

Security researchers demonstrated a one-click, multistage prompt-injection attack against Copilot Personal that exfiltrated data from users' chat histories, even after the chat was closed. The exploit delivered its payload through a malicious URL parameter and bypassed some endpoint protections by triggering repeated requests ("reprompt"), exposing names, locations, and event details. Microsoft has patched the flaw; Copilot Personal was affected but Microsoft 365 Copilot was not.

Reprompt flaw lets attackers hijack Copilot sessions via malicious prompts
security · 1 month ago

Researchers disclosed 'Reprompt', a flaw in which commands injected through Copilot's URL q parameter hijack an authenticated session and exfiltrate data, using P2P injection, double-request, and chain-request techniques. Microsoft patched the vulnerability in its January 2026 Patch Tuesday release; the flaw mainly affected Copilot Personal rather than Microsoft 365 Copilot, and users should apply the latest Windows updates.

Chrome Extensions Steal Chats from 900,000 Users
technology · 1 month ago

Researchers have uncovered two malicious Chrome extensions with over 900,000 users that steal ChatGPT and DeepSeek chat conversations along with browsing data and send them to remote servers. The extensions impersonate legitimate tools, request permissions under false pretenses, and exfiltrate sensitive data, posing significant privacy and security risks. The discovery highlights the growing threat of prompt poaching and the need for users to scrutinize extension permissions and sources.

Scattered Spider Launches Multi-Vector Attacks on Critical Infrastructure and Data
cybersecurity · 7 months ago

The FBI and international partner agencies warn that the cybercriminal group Scattered Spider has adapted its tactics, using sophisticated social engineering, legitimate remote access software, and newer tooling such as DragonForce ransomware to infiltrate organizations, exfiltrate data, and deploy ransomware rapidly. The group targets sectors including retail, insurance, and aviation, often exfiltrating data to multiple sites before quickly deploying DragonForce, with VMware ESXi servers a particular target. Although recent arrests have slowed its activity, authorities advise organizations to strengthen defenses through offline backups, multi-factor authentication, and application controls.

Critical Security Flaw in Microsoft 365 Copilot Raises Zero-Click Attack Concerns
technology · 8 months ago

Researchers uncovered 'EchoLeak,' a critical zero-click vulnerability in Microsoft 365 Copilot that allows silent exfiltration of sensitive data through prompt injection, highlighting emerging risks in AI-integrated enterprise systems. Microsoft fixed the flaw in May, with no evidence of exploitation, but the attack demonstrates the need for enhanced defenses against LLM scope violations.

8 Million Android Users Urged to Delete SpyLoan Apps Amid Malware Threat
mobile-security-financial-fraud · 1 year ago

Over 8 million Android users have been affected by SpyLoan malware embedded in over a dozen loan apps on the Google Play Store, according to McAfee Labs. These apps, which target users in various countries by offering quick loans, use social engineering to extract sensitive information and permissions, leading to potential extortion and financial loss. Despite some apps being removed or modified to comply with Google Play policies, the threat persists as these apps share a common framework for data encryption and exfiltration. Users are advised to scrutinize app permissions and developer legitimacy to mitigate risks.

Russian Hackers' Microsoft Breach Sparks U.S. Government Email Security Alert
cybersecurity · 1 year ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal agencies to search for signs of compromise and take preventive measures following the recent Microsoft breach, attributed to a Russian nation-state group. The breach led to the theft of agencies' email correspondence with Microsoft, posing severe risks to government entities. CISA has urged affected parties to analyze the exfiltrated emails, reset compromised credentials, and secure privileged Microsoft Azure accounts. All federal agencies have been notified, and impacted organizations are advised to apply stringent security measures. CISA has also released a new malware analysis system, Malware Next-Gen, through which organizations can submit suspicious artifacts for analysis.

Uncovering the Latest SharePoint Vulnerabilities: How Hackers Can Stealthily Steal Files
cybersecurity · 1 year ago

Researchers have discovered two techniques that let attackers download files from Microsoft SharePoint while bypassing audit logs or generating less severe entries, potentially enabling silent data exfiltration. The first abuses SharePoint's "Open in App" feature, which does not generate a "FileDownloaded" event in the audit log; the second spoofs the User-Agent string so that file downloads are recorded as data-sync events instead. Microsoft has placed both issues in its patch backlog rather than shipping an immediate fix, so SharePoint admins should monitor for unusual access activity and for newly introduced devices while they wait.
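A detection pass over audit records, as an added Python example that is not part of the research or of Microsoft's tooling. The operation names (FileDownloaded, FileAccessed, FileSyncDownloadedFull, FileSyncDownloadedPartial) are the ones SharePoint writes to the Microsoft 365 unified audit log, and CreationTime there is UTC; every record, user, IP address, User-Agent string and the per-user baseline of sync-client IPs below is constructed for the example. It flags the two things the advice above points at: a burst of distinct files read through events other than FileDownloaded (what "Open in App" leaves behind), and sync-download events arriving from a client IP the user has never synced from (what a spoofed sync User-Agent looks like from the log's side, since the User-Agent itself is the attacker's to choose).

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Operation names as SharePoint records them in the unified audit log.
QUIET_OPS = {"FileAccessed"}                                        # what "Open in App" leaves behind
SYNC_OPS = {"FileSyncDownloadedFull", "FileSyncDownloadedPartial"}  # what a spoofed sync User-Agent yields

OFFICE_UA = "Microsoft Office Word/16.0 (Windows NT 10.0)"  # assumed shape, not a captured string
SYNC_UA = "Microsoft SkyDriveSync 24.0"                       # assumed shape of the OneDrive client UA


def _rec(user, op, ip, ua, n, minute):
    """One constructed audit record using the unified audit log's field names."""
    return json.dumps({
        "CreationTime": f"2024-04-08T09:{minute:02d}:00",
        "Operation": op, "UserId": user, "ClientIP": ip, "UserAgent": ua,
        "ObjectId": f"https://contoso.sharepoint.com/sites/finance/Shared Documents/doc{n}.docx",
    })


SAMPLE_RECORDS = (
    # bob: three "Open in App" reads spread over half an hour, nothing unusual
    [_rec("bob@contoso.com", "FileAccessed", "10.0.0.21", OFFICE_UA, n, 5 + 15 * n) for n in range(3)]
    # alice: 25 distinct files via "Open in App" in four minutes, and no FileDownloaded event anywhere
    + [_rec("alice@contoso.com", "FileAccessed", "198.51.100.7", OFFICE_UA, n, 30 + n // 7) for n in range(25)]
    # carol: 30 "sync" downloads from an IP her sync client has never used, UA spoofed to look like OneDrive
    + [_rec("carol@contoso.com", "FileSyncDownloadedFull", "203.0.113.9", SYNC_UA, n, 40 + n // 10) for n in range(30)]
    # carol's genuine sync client on the workstation IP that is in the baseline
    + [_rec("carol@contoso.com", "FileSyncDownloadedFull", "10.0.0.55", SYNC_UA, 100 + n, 50) for n in range(2)]
)
# Constructed baseline: the client IPs each user's sync client has been seen from before.
KNOWN_SYNC_IPS = {"carol@contoso.com": {"10.0.0.55"}}


def detect(records, known_sync_ips, window_minutes=10, burst=20):
    """Return alerts for quiet-download bursts and for sync downloads from unknown clients."""
    span = window_minutes * 60
    files = defaultdict(set)    # (user, window start epoch) -> distinct files touched by quiet/sync ops
    unknown = defaultdict(int)  # (user, client ip) -> sync events from an IP outside the baseline
    for line in records:
        r = json.loads(line)
        op, user = r["Operation"], r["UserId"]
        if op not in QUIET_OPS | SYNC_OPS:
            continue  # FileDownloaded and everything else is out of scope for these two checks
        ts = datetime.fromisoformat(r["CreationTime"]).replace(tzinfo=timezone.utc)
        epoch = int(ts.timestamp())
        files[(user, epoch - epoch % span)].add(r["ObjectId"])
        if op in SYNC_OPS and r["ClientIP"] not in known_sync_ips.get(user, set()):
            unknown[(user, r["ClientIP"])] += 1
    alerts = []
    for (user, start), objs in files.items():
        if len(objs) >= burst:
            alerts.append({"user": user, "reason": "quiet_download_burst",
                           "count": len(objs), "window_start": start})
    for (user, ip), n in unknown.items():
        alerts.append({"user": user, "reason": "sync_from_unknown_client",
                       "count": n, "client_ip": ip})
    return sorted(alerts, key=lambda a: (a["user"], a["reason"]))


if __name__ == "__main__":
    for alert in detect(SAMPLE_RECORDS, KNOWN_SYNC_IPS):
        print(alert)
```

The volume rule counts distinct ObjectIds per window rather than raw events, so a user repeatedly reopening one document does not trip it, and the unknown-client rule fires on a single event, because a sync client appearing from a new address is exactly the "device introduction" the advice says to watch for; tune `burst` and `window_minutes` against your own tenant's FileAccessed baseline before alerting on it.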

The Dangers of Borrowing iPhone Cables: Why You Should Invest in Your Own
technology · 2 years ago

The OMG Cable, dubbed the world's "most dangerous USB cable," has been updated with even more advanced capabilities. These innocent-looking cables, which resemble regular iPhone charging cables, can capture keystrokes, steal credentials, exfiltrate data, and plant malware without the user's knowledge. They can be controlled remotely through a built-in Wi-Fi access point and are designed for researchers and red teams testing enterprise defenses, but they are readily available online and pose a significant risk in the wrong hands. Users are advised to use only cables they trust and to be cautious about plugging in unknown devices.