data exfiltration
-
Researchers say GemStuffer abused more than 150 RubyGems to store scraped council data
Researchers said GemStuffer abused more than 150 RubyGems packages to store scraped data from U.K. council portals, using the registry as an exfiltration channel and raising questions about package registry abuse.
-
108 malicious Chrome extensions linked to shared server, data theft
Researchers found 108 malicious Chrome extensions tied to one backend server, with the add-ons used to steal account data, exfiltrate Telegram sessions and inject ads or scripts into visited pages.
-
Grafana AI flaw could expose enterprise data in zero-click attack
Researchers say a critical Grafana flaw could let attackers use AI-powered dashboards to exfiltrate sensitive data without authentication. Grafana reportedly validated the issue and released a fix after disclosure by Noma Security.
-
European Commission says attackers breached public web infrastructure
The European Commission said attackers broke into cloud systems hosting its Europa websites on March 24 and may have taken data. The sites stayed online, but officials gave few details about what was exposed.
-
CNCERT warns OpenClaw flaws could allow endpoint takeover
China’s CNCERT warned that OpenClaw, a self-hosted AI agent, has weak defaults and high privileges that could let attackers seize endpoints. Indirect prompt injection and malicious repositories are cited as exploitation paths.
-
Malicious VSCode extensions with 1.5 million installs exfiltrate developer data
Two malicious Visual Studio Code extensions, installed about 1.5 million times, read open files and workspace data and transmit them to China-based servers, according to a technical analysis by Koi Security.
-
Reprompt attack could exfiltrate Microsoft Copilot data with one click
Researchers disclosed Reprompt, a method that can use a single Copilot URL click to inject prompts and enable hidden, ongoing data exfiltration. Microsoft has addressed the issue and enterprise Copilot customers are not affected.
-
Two Chrome extensions exfiltrated ChatGPT and DeepSeek conversations from 900,000 users
A technical analysis by OX Security found two malicious Chrome extensions that collected ChatGPT and DeepSeek conversations and tab URLs from about 900,000 users and sent the data to external servers on a regular schedule.
-
Long-running ‘ShadyPanda’ campaign amassed more than 4.3 million browser extension installs, researchers say
Researchers say the ShadyPanda campaign turned hundreds of browser extensions into spyware and backdoors, accumulating more than 4.3 million installs across Chrome and Edge and exfiltrating browsing data to multiple domains.
-
Logitech discloses data breach tied to zero-day; Cl0p claims responsibility
Logitech disclosed a data breach in which a zero-day in a third-party platform was exploited and certain internal IT data was copied; Cl0p has claimed responsibility and Logitech said it does not expect the incident to materially affect its business.









