Tag

Data Exfiltration

All articles tagged with #data exfiltration

GitHub breach tied to poisoned VS Code extension hits thousands of internal repos
security, 6 days ago

GitHub confirmed that a poisoned Visual Studio Code extension installed on an employee’s device led to the exfiltration of roughly 3,800 internal repositories; the malicious extension was removed from the VS Code Marketplace, the endpoint was isolated, and incident response was initiated. Current assessment indicates only GitHub’s internal repositories were affected and there is no evidence that customer data outside the affected repos was compromised. The TeamPCP group has claimed access to about 4,000 repos on a cybercrime forum, though attribution remains unsettled. This follows a history of trojanized VS Code extensions used to steal code and credentials.

Batch of 108 Chrome extensions steals Google and Telegram data from about 20,000 users
technology, 1 month ago

Researchers uncovered a campaign of 108 Chrome extensions that funnel user data to a shared command-and-control backend, stealing Google account credentials via OAuth2, exfiltrating Telegram sessions, stripping security headers, and injecting ads and arbitrary scripts across every page you visit, in a campaign affecting roughly 20,000 installs. The extensions masqueraded as Telegram clients, gaming tools, and video enhancers, making the backdoor hard to spot; users should remove these extensions and log out of Telegram Web immediately.

DarkSword: High-End iOS Exploit Kit Uses Zero-Days for Rapid Device Takeover
security, 2 months ago

DarkSword is a JavaScript-based iOS exploit kit targeting iPhones on iOS 18.4–18.7 via watering-hole campaigns, chaining six vulnerabilities to achieve remote code execution, escaping the WebContent sandbox through the GPU into mediaplaybackd, escalating to kernel privileges, and then loading a data-collection module to exfiltrate a wide range of information (including emails, iCloud data, messages, wallet data, photos, contacts, and more) before cleaning up. Used by UNC6353 and linked groups such as UNC6748 and PARS Defense, the kit underscores a growing market for high-end iOS exploits and rapid, non-persistent data theft.

OpenClaw Under Fire: Prompt Injection and Data Leakage Risks
security, 2 months ago

CNCERT warns that OpenClaw’s weak default security and privileged execution could enable prompt-injection attacks, including indirect prompt injection via web content and link previews that leak sensitive data; other risks include misinterpretation causing data loss, uploading malicious skills to repositories like ClawHub, and exploiting known vulnerabilities. China is restricting OpenClaw in state entities, while attackers distribute malware via GitHub repos posing as OpenClaw installers. Mitigations include hardening networks, isolating the service, avoiding plaintext credentials, downloading skills only from trusted sources, disabling automatic updates, and keeping the agent up to date.

Cloud breaches pivot to new flaws as credential abuse wanes
technology, 2 months ago

Google’s threat intelligence shows cloud intrusions are increasingly driven by exploiting freshly disclosed third-party software flaws, shrinking the window to weaponize exploits to days. Weak credentials have declined as an attack vector while remote code execution flaws like React2Shell (CVE-2025-55182) and XWiki (CVE-2025-24893) are frequently exploited. Attacks often begin via phishing or stolen identities, with Iran-, China-, and North Korea–linked campaigns maintaining long-term access to steal data, crypto, and credentials. OpenID Connect abuse, supply-chain incidents, and insider threats also feature prominently, underscoring the need for automated, rapid incident response as cloud threats accelerate into 2026.

BeyondTrust Flaw Sparks Global Web Shell Campaigns and Data Theft
security, 3 months ago

Threat actors are exploiting CVE-2026-1731 in BeyondTrust RS/PRA to run OS commands, deploy web shells and backdoors, establish C2, and exfiltrate data across sectors worldwide. Unit 42 reports use of a thin-scc-wrapper via WebSocket to execute commands in the site user context, effectively taking control of appliances and traffic. Campaigns include PHP backdoors, VShell, a bash dropper, and Spark RAT, with staged exfiltration of config files, internal databases, and PostgreSQL dumps. The activity aligns with prior CVE-2024-12356 issues, and CISA KEV confirms exploitation in ransomware operations.

Coordinated Chrome Extensions Hijack Affiliate Links and Loot ChatGPT Tokens
technology, 3 months ago

Security researchers uncovered a coordinated campaign of 29 Chrome extensions that covertly inject affiliate tags into product URLs on major retailers (Amazon, AliExpress, Best Buy, Shein, Shopify, Walmart), siphoning commissions and scraping data; a separate set of 16 extensions targets ChatGPT by injecting scripts into chatgpt.com to steal authentication tokens, enabling access to user conversations and data. The findings also reference a malware-as-a-service kit called Stanley that could help attackers generate extensions capable of bypassing Google’s vetting, highlighting the growing risk of malicious browser extensions as an attack surface.

Malicious AI Extensions for VS Code Steal Code and Report to China
technology, 3 months ago

Security researchers uncovered two VS Code extensions marketed as AI coding assistants—ChatGPT-中文版 and ChatMoss—that secretly siphon every opened file and edits to China-based servers, with about 1.5 million total installs; the same spyware runs in both extensions and can exfiltrate up to 50 files on command, plus a hidden iframe loads Chinese analytics SDKs for device fingerprinting. The report also highlights six zero-day flaws in JavaScript package managers (PackageGate) affecting npm, pnpm, vlt, and Bun, with npm declining to fix them; guidance emphasizes vetting packages, disabling lifecycle scripts, and enforcing strong token and 2FA practices to secure the software supply chain.

Prompt-Injected Invites Expose Private Calendar Data Through Google Gemini
security, 4 months ago

Security researchers disclosed a flaw in Google Gemini where a crafted calendar invite enables indirect prompt injection, causing Gemini to summarize and exfiltrate private meeting data by creating a new calendar event that could be visible to attackers; the finding highlights AI-enabled attack surfaces and the need for stronger guardrails and identity controls across AI workflows.

Single-click prompt exploit drains Copilot Personal data in stealthy stages
technology, 4 months ago

Security researchers demonstrated a one-click, multistage prompt-injection attack against Copilot Personal that exfiltrated user data from chat histories, even after the chat was closed. The exploit used a malicious URL parameter and bypassed some endpoint protections by triggering repeated requests (“reprompt”), exposing names, locations, and event details. Microsoft has patched the flaw, with Copilot Personal affected but not Microsoft 365 Copilot.

Reprompt flaw lets attackers hijack Copilot sessions via malicious prompts
security, 4 months ago

Researchers exposed 'Reprompt', a flaw that injects commands via Copilot's q URL parameter to hijack an authenticated session and exfiltrate data, using P2P injection, double-request, and chain-request techniques; Microsoft patched the vulnerability in its January 2026 Patch Tuesday release. The flaw mainly affects Copilot Personal rather than Microsoft 365 Copilot, and users should apply the latest Windows updates.

Chrome Extensions Steal Chats from 900,000 Users
technology, 4 months ago

Researchers have uncovered two malicious Chrome extensions with over 900,000 users that steal ChatGPT and DeepSeek chat conversations along with browsing data, sending this information to remote servers. These extensions impersonate legitimate tools, request permissions under false pretenses, and exfiltrate sensitive data, posing significant privacy and security risks. The discovery highlights the growing threat of prompt poaching and the need for users to be cautious about extension permissions and sources.

Scattered Spider Launches Multi-Vector Attacks on Critical Infrastructure and Data
cybersecurity, 10 months ago

The FBI and international agencies warn that the cybercriminal group Scattered Spider has adapted its tactics, now using sophisticated social engineering, legitimate remote access software, and new malware like DragonForce to infiltrate organizations, exfiltrate data, and deploy ransomware rapidly. They target sectors like retail, insurance, and aviation, often exfiltrating data to multiple sites and quickly deploying ransomware such as DragonForce, especially targeting VMware ESXi servers. Despite recent arrests slowing their activity, authorities advise organizations to strengthen defenses through offline backups, multi-factor authentication, and application controls.