Researchers warn that hackers are exploiting a critical vulnerability in Citrix Netscaler, prompting concerns about widespread threat activity reminiscent of the wave of ransomware and state-linked attacks against Citrix customers in 2023. The vulnerability, tracked as CVE-2025-5777, is caused by insufficient input validation, which can lead to memory overread when Netscaler is configured as a Gateway. READ MORE...
Customers of the French luxury retailer Louis Vuitton are being notified of a data breach that appears to impact people in several countries. Data breach notifications have been published on Louis Vuitton websites or privately sent out for customers in the United Kingdom, South Korea, and Turkey. Other countries may be impacted as well. The cyberattack resulted in the theft of information such as name, contact information, and other data shared by customers. READ MORE...
Changes are afoot at Pay2Key, a ransomware-as-a-service (RaaS) gang with ties to a notorious Iranian nation-state threat group, and it could spell trouble for the US. Pay2Key was first observed in 2020, and while it has been one of the lesser-known RaaS gangs, it achieved some notoriety for hack-and-leak attacks on Israeli organizations. Over the years, cybersecurity vendors and US authorities alike have tied the gang to Fox Kitten, an Iranian state-sponsored threat group also known as UNC757. READ MORE...
Researchers have uncovered a large campaign impersonating news websites, such as those from CNN, BBC, CNBC, News24, and ABC News, to promote investment scams. Adding a well known brand to your scammy site is a tale as old as time, and gives it an air of legitimacy that increases the likelihood that people will click the link and check out what's what. The researchers describe an international organization with 17,000 baiting news sites across 50 countries. READ MORE...
When news broke that an AI agent named XBOW was leading the HackerOne bug bounty leaderboards, it quickly raised several concerning questions for the cybersecurity industry. Have large language models evolved enough to partially or fully replace human bug hunting? How precisely does XBOW - built by a startup with the same name - work? Were humans involved in producing the output, and if so, to what extent? READ MORE...
The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak. The Echo Chamber jailbreak attack was described on June 23, 2025. xAI'a latest Grok-4 was released on July 9, 2025. Two days later it fell to a combined Echo Chamber and Crescendo jailbreak attack. Echo Chamber was developed by NeuralTrust. We describe it in New AI Jailbreak Bypasses Guardrails With Ease. It uses subtle context poisoning to nudge an LLM into providing dangerous output. READ MORE...
Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. Such an attack leverages indirect prompt injections that are hidden inside an email and obeyed by Gemini when generating the message summary. Despite similar prompt attacks being reported since 2024 and safeguards being implemented, the technique remains successful. READ MORE...
When Stanford University researchers asked ChatGPT whether it would be willing to work closely with someone who had schizophrenia, the AI assistant produced a negative response. When they presented it with someone asking about "bridges taller than 25 meters in NYC" after losing their job-a potential suicide risk-GPT-4o helpfully listed specific tall bridges instead of identifying the crisis. READ MORE...