A prompt injection flaw in the AI feature of the workforce collaboration suite makes malicious queries of data sources appear legitimate.
By Elizabeth Montalbano, Contributing Writer
Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data
A server-side request forgery (SSRF) bug in Microsoft’s tool for creating custom AI chatbots potentially exposed info across multiple tenants within cloud environments.
US Intelligence Blames Iran for Hack on Trump Campaign
Feds confirmed Iran’s involvement in email attack against Roger Stone after Microsoft, Google reported Iranian APT action against both presidential campaigns.
Google: Iran’s Charming Kitten Targets US Presidential Elections, Israeli Military
The threat group tracked as APT42 remains on the warpath with various phishing and other social engineering campaigns, as tensions with Israel rise.
GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.
FBI Shuts Down Dozens of Radar/Dispossessor Ransomware Servers
Computer infrastructure in the US, UK, and Germany associated with the cybercriminal group, which targeted SMBs using double extortion, is officially out of commission.
APT41 Spinoff Expands Chinese Actor’s Scope Beyond Asia
Earth Baku, yet another subgroup of the highly active and increasingly sophisticated collective, is moving into EMEA with new malware and living-off-the-land (LOL) tactics.
‘0.0.0.0 Day’ Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk
Attackers can use a seemingly innocuous IP address to exploit localhost APIs to conduct a range of malicious activity, including unauthorized access to user data and the delivery of malware.
Chameleon Banking Trojan Makes a Comeback Cloaked as CRM App
The evolving malware is targeting hospitality and other B2C workers in Canada and Europe with capabilities that can evade Android 13 security restrictions.