OpenAI has fixed a vulnerability in ChatGPT Deep Research after researchers found a prompt injection method to exfiltrate PII. This article has been indexed from Malwarebytes. Read the original article: ChatGPT Deep Research zero-click vulnerability fixed by OpenAI
ImmuniWeb offers free tool to test quantum resilience of TLS stacks
ImmuniWeb has released a free online tool that checks whether websites are protected by post-quantum cryptography (PQC). The tool analyzes SSL/TLS configurations and verifies their compliance with the latest quantum-resilient encryption standards from NIST. It also checks for adherence to…
Zero-Click Vulnerability in ChatGPT’s Agent Enables Silent Gmail Data Theft
Researchers at Radware found a zero-click flaw in ChatGPT Deep Research agent when connected to Gmail and browsing. This article has been indexed from www.infosecurity-magazine.com.
UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London
U.K. police arrested two teens from the Scattered Spider group for their role in the August 2024 cyberattack on Transport for London. U.K. law enforcement authorities arrested two teenagers who are members of the notorious Scattered Spider hacking group in connection with…
How To Automate Alert Triage With AI Agents and Confluence SOPs Using Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition. The…
Luxury Jeweler Tiffany Reports Data Breach Exposing User Personal Data
Luxury jeweler Tiffany and Company has confirmed a data breach that exposed the personal information of 2,590 customers. The company discovered unauthorized access to an external system on September 9, 2025, but determined the incident first occurred on May 12, 2025.…
ChatGPT Tricked Into Solving CAPTCHAs
The AI agent was able to solve different types of CAPTCHAs and adjusted its cursor movements to better mimic human behavior. The post ChatGPT Tricked Into Solving CAPTCHAs appeared first on SecurityWeek.
CISA Analyzes Malware From Ivanti EPMM Intrusions
Hackers chained two Ivanti EPMM vulnerabilities to collect system information, dump credentials, and execute malware. The post CISA Analyzes Malware From Ivanti EPMM Intrusions appeared first on SecurityWeek.
Nokia CBIS/NCS Manager API Vulnerability Allows Attackers to Bypass Authentication
On September 18, 2025, Orange Cert publicly disclosed a critical authentication bypass vulnerability affecting Nokia’s CBIS (CloudBand Infrastructure Software) and NCS (Nokia Container Service) Manager API (CVE-2023-49564). With a CVSS 3.1 score of 9.6 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), the vulnerability poses a severe…
UK Police Arrest Two Scattered Spider Hackers Over London Transport Breach
UK law enforcement agencies have arrested two individuals linked to the notorious Scattered Spider cybercriminal group. The arrests, announced on Tuesday, pertain to a sophisticated attack on London’s transport systems. Authorities say the suspects infiltrated critical infrastructure networks, demanding ransom…
CISOs Concerned of AI Adoption in Business Environments
UK security leaders are making their voices heard. Four in five want DeepSeek under regulation. They see a tool that promises efficiency but risks chaos. Business is already under pressure. Trade disputes drag on. Interest rates remain high. Cyber threats…
Threat landscape for industrial automation systems in Q2 2025
Kaspersky industrial threat report contains statistics on various malicious objects detected and blocked on ICS computers by Kaspersky solutions in Q2 2025. This article has been indexed from Securelist.
Surveying the Global Spyware Market
The Atlantic Council has published its second annual report: “Mythical Beasts: Diving into the depths of the global spyware market.” Too much good detail to summarize, but here are two items: First, the authors found that the number of US-based…
OpenAI plugs ShadowLeak bug in ChatGPT that let miscreants raid inboxes
Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data. ChatGPT’s research assistant sprung a leak – since patched – that let attackers steal Gmail secrets with just a single carefully crafted email.…
Netskope Raises Over $908 Million in IPO
Netskope has debuted on Nasdaq and its shares soared more than 18%, bringing the company’s value to $8.6 billion. The post Netskope Raises Over $908 Million in IPO appeared first on SecurityWeek.
Russian Hacking Groups Gamaredon and Turla Target Organizations to Deliver Kazuar Backdoor
Two prominent Russian state-sponsored hacking groups, Gamaredon and Turla, have been observed collaborating in sophisticated cyberattacks targeting Ukrainian organizations to deploy the advanced Kazuar…
Qilin Led Ransomware Attack Claimed to Compromised 104 Organizations in August
The ransomware threat landscape witnessed a dramatic shift in August 2025 as the Qilin group claimed responsibility for 104 separate attacks worldwide. Emerging earlier this year, Qilin quickly cemented its position through aggressive double-extortion tactics and a broad affiliate recruitment…
New Malware Loader ‘CountLoader’ Weaponized PDF File to Deliver Ransomware
In recent months, security teams have observed the emergence of a sophisticated malware loader, dubbed CountLoader, which leverages weaponized PDF files to deliver ransomware payloads. First detected in late August 2025, CountLoader is linked to multiple Russian-speaking cybercriminal groups, including…
Charities warn Ofcom too soft on Online Safety Act violators
Another blow for the legislation as Parliament continues to hear stakeholder views. As UK ministers continue to quiz stakeholders over the effectiveness of the Online Safety Act, one charity chief raised concerns over the robustness of Ofcom’s enforcement of the…
WatchGuard Issues Fix for 9.3-Rated Firebox Firewall Vulnerability
WatchGuard has issued a critical security alert for its Firebox firewalls due to a serious vulnerability, CVE-2025-9242. Learn what this ‘out-of-bounds write’ flaw means, which Fireware OS versions are affected, and the urgent steps to take to protect your network…
CISA Alerts of Hackers Targeting Ivanti Endpoint Manager Mobile Vulnerabilities to Distribute Malware
Cyber threat actors have weaponized two critical Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities—CVE-2025-4427 and CVE-2025-4428—to deploy sophisticated malicious loaders and listeners on compromised servers. The malware consists of two sets of components: Loader 1 (web-install.jar, ReflectUtil.class, SecurityHandlerWanListener.class) and Loader 2…
Two Scattered Spider Suspects Arrested in UK; One Charged in US
Thalha Jubair and Owen Flowers were charged in the UK and the US with hacking critical infrastructure organizations. The post Two Scattered Spider Suspects Arrested in UK; One Charged in US appeared first on SecurityWeek.
Global Spyware Markets to Identify New Entities Entering The Market
The global spyware market continues its alarming expansion, with new research revealing the emergence of 130 additional entities spanning 46 countries between 1992 and 2024. This shadowy ecosystem of surveillance technologies has grown from 435 documented entities in the initial…
New Wave of Self-Replicating NPM Malware Exposes Critical Gaps in Software Supply Chain Security
The Shai-Hulud NPM worm highlights rising open-source supply chain threats. Secure builds with SBOMs, MFA, signed packages, and zero-trust defenses. The post New Wave of Self-Replicating NPM Malware Exposes Critical Gaps in Software Supply Chain Security appeared first on Security…