Data Exposure

All articles tagged with #data exposure

Cisco patches critical unauthenticated REST API flaw in Secure Workload
security · 5 days ago

Cisco fixed a high-severity, unauthenticated REST API vulnerability in Secure Workload (CVE-2026-20223, CVSS 10.0) that could let remote attackers read sensitive data and alter tenant configurations across boundaries with Site Admin privileges. The flaw affects Secure Workload Cluster Software on SaaS and on-prem deployments with no available workarounds; patches are available in Release 3.10.8.3 (3.10) and 4.0.3.17 (4.0), with users of 3.9 and earlier advised to migrate. Cisco notes no known exploits in the wild at this time; the article also references a separate CVE-2026-20182 exploit in Catalyst SD-WAN Controller.

Public Google API keys unlock Gemini AI data risk
technology · 2 months ago

Researchers found nearly 3,000 Google API keys publicly exposed in client-side code that could authenticate to Google's Gemini AI and access private data. Google says it has implemented protections to block leaked keys from Gemini and will notify developers, who should audit and rotate keys. The exposure was uncovered by Truffle Security via the November 2025 Common Crawl dataset, highlighting potential abuse where attackers could incur API charges by making Gemini calls.

Misconfigured Moltbot dashboards leak credentials and invite takeovers
cybersecurity · 3 months ago

Misconfigured Moltbot (formerly Clawdbot) control panels exposed hundreds of internet-facing dashboards, leaking API keys, private chats and other credentials. With autonomous agent capabilities, attackers could impersonate operators, inject messages, and even run commands with elevated privileges. The root cause was localhost-trust and reverse-proxy defaults; the project has rebranded Clawdbot to Moltbot (Molty) while keeping the same core functionality.

OwnCloud Vulnerabilities Expose Admin Passwords and Allow Unauthorized File Modifications
technology · 2 years ago

ownCloud has disclosed three critical vulnerabilities, including sensitive data exposure, in its open source file-sharing software. The most severe vulnerability allows attackers to access admin passwords, mail server credentials, and license keys. Another vulnerability enables unauthorized access, modification, or deletion of files without authentication. The third vulnerability bypasses subdomain validation, allowing attackers to redirect callbacks to a domain controlled by them. ownCloud has released patches and recommends applying fixes, including disabling the "Allow Subdomains" option. The company serves over 600 enterprise customers and millions of users across various sectors.

OpenAI's ChatGPT suffers significant bug causing leak of chat histories
technology · 3 years ago

OpenAI has confirmed that a software bug caused ChatGPT to leak the conversation histories of some random users earlier this week. The company has released a patch, but users' chat histories for Monday, March 20, may have been lost. It remains unclear whether the bug exposed anyone's sensitive personal information. OpenAI plans to provide more details through a "technical postmortem."