New BioShocking attack manipulates AI browser into data theft
A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, ca...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
189 articles found
A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, ca...
Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in d...
The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and confi...
A critical cloud storage attack technique that exploits a fundamental architectural vulnerability shared across all major cloud service providers. The techni...
The attack exploited a zero-day vulnerability in Oracle PeopleSoft, an enterprise resource planning software.
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and by adding browser-in-the-middle...
ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate s...
The most severe flaw, CVE-2026-41947, resides in Dify's tracing system, enabling attackers to create a persistent channel for exfiltrating all messages and r...
Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft.
Tata Electronics has reported a cybersecurity incident following claims from a ransomware-linked threat group that it has exfiltrated and published over 200,...
Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs. The post Th...
When securing an Amazon Web Services (AWS) environment, teams naturally prioritize inbound controls, firewalls, WAFs, and access policies, because that’s whe...
Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sale...
CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution. The post CryptoBandits Malware Doubles as a Back...
The hackers exfiltrated data from Salesforce instances of Klue customers, such as Huntress and Recorded Future. The post Cybersecurity Firms Impacted by Klue...
A novel Windows-based cryptocurrency clipper that has been active since February 2026 and leverages Windows Script Host (WScript) and ActiveXObject calls to ...
The attack involved the theft of OAuth credentials from Klue's Battlecards integration, which threat actors then used to access and exfiltrate data from cust...
The Shadowbyt3$ threat group claimed responsibility for the incident, alleging the exfiltration of sensitive employee data, including bank statements and W-9...
Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its sy...