Sead Fadilpašić

A bug allowed hackers to inject DLLs without user interaction, gaining access to the underlying system.

In total, 34 Black Axe cybercrime gang members were arrested, including core 10 members.

Instagram says it isn't a data breach, but users should still be on their guard.

Kimsuky's latest attacks can bypass email protections and MFA to steal M365 and VPN accounts.

The directives served their purpose and are no longer needed.

Despite the police's best efforts, ransomware continues to rise with more actors, more victims, and more trouble.

Bob is also susceptible to indirect prompt injection, but only under specific conditions.

ChatGPT was vulnerable to prompt injection, but OpenAI apparently fixed it.

A human mistake resulted in a major data leak in late September 2025.

Emails used by staff members of “powerful committees in the US House of Representatives were allegedly breached.

A PoC is out there, but there's no evidence of abuse yet.

There is no fix available, but you can always revert to an older version.

A patch and workarounds are available.

Crooks are abusing misconfigurations to trick victims into thinking they received an email from their bosses and HRs.

Shadow AI remains a key challenge for organizations as employees share more and more sensitive data with unvetted tools.

Poisoned knowledge graphs can make the LLM hallucinate, rendering it useless to the thieves.

Users are advised to replace outdated gear to avoid being targeted.

Two extensions were found exfiltrating all AI prompts.

Brightspeed is looking into claims of a data breach, made earlier by threat actors Crimson Collective.

Popular AI interface was plagued by an 8/10 bug, but a fix is now available.

50 companies allowed access to cloud instances with just a password and were compromised with infostealers.

Scattered Lapsus$ Hunters fell for a honeypot and exposed IP addresses and other valuable data.

A new campaign is targeting the European hospitality industry.