Some of the most widely used AI agents and assistants from Microsoft, Google, OpenAI and other major companies are susceptible to being hijacked with little or no user interaction, according to new research from Zenity Labs. During a presentation at the Black Hat USA cybersecurity conference, Zenity researchers showed how hackers could exfiltrate data, manipulate critical workflows across targeted organizations and, in some cases, even impersonate users.
The U.S. government and seven international partners have seized the computer servers of the BlackSuit ransomware group and more than $1 million in cryptocurrency that it laundered, the Justice Department said on Monday. The FBI, the Secret Service, U.S. Immigration and Customs Enforcement's Homeland Security Investigations and the IRS's Criminal Division worked with authorities in Canada, France, Germany, Ireland, Lithuania, the U.K. and Ukraine to take down four of BlackSuit's servers.
Manpower, one of the world's largest staffing companies, is notifying nearly 145,000 individuals that their information was stolen by attackers who breached the company's systems in December 2024. Together with Experis and Talent Solutions, the company is part of ManpowerGroup, a multinational corporation with over 600,000 workers in more than 2,700 offices and serving over 100,000 clients worldwide.
Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix. The bug, tracked as CVE-2025-8088, is a path-traversal flaw that affects the Windows version of the decompression tool. It received an 8.4 CVSS rating and, according to WinRAR, has been patched in the newest version, 7.13, released on July 31. So if you haven't already: update now, and check for these indicators of compromise.
Security researchers took a mere 24 hours after the release of GPT-5 to jailbreak the large language model (LLM), prompting it to produce directions for building a homemade bomb, colloquially known as a "Molotov cocktail." The same attack flow also can be used against previous versions of OpenAI's GPT, Google's Gemini, and Grok-4, all in standard black-box settings, they said. Researchers from NeuralTrust cracked the model via a context-poisoning jailbreak technique they call "Echo Chamber and Storytelling."
SAP has fixed more than a dozen vulnerabilities with its August 2025 Patch Tuesday updates, including critical vulnerabilities. This Patch Tuesday - or as the enterprise software giant calls it, Security Patch Day - 15 new security notes (fixes) have been released, along with four updates to previous fixes. Onapsis pointed out that the vendor has released a total of 26 new and updated fixes since the previous Patch Tuesday.
It's easier than ever to manipulate video footage to deceive the viewer and increasingly difficult for fact checkers to detect such manipulations. Cornell University scientists developed a new weapon in this ongoing arms race: software that codes a "watermark" into light fluctuations, which in turn can reveal when the footage has been tampered with. The researchers presented the breakthrough over the weekend at SIGGRAPH 2025 in Vancouver, British Columbia.
In recent months, the AI industry has started moving toward so-called simulated reasoning models that use a "chain of thought" process to work through tricky problems in multiple logical steps. At the same time, recent research has cast doubt on whether those models have even a basic understanding of general logical concepts or an accurate grasp of their own "thought process." Similar research shows that these "reasoning" models can often produce incoherent, logically unsound answers.
SonicWall insists a spree of ransomware attacks hitting its Gen 7 firewalls is not linked to a zero-day vulnerability, but rather a critical defect the company previously disclosed and patched last summer in its network security operating system. The vendor disputed initial assessments from outside researchers suggesting the speed and scale of the attacks pointed to a potential zero-day vulnerability affecting the secure sockets layer (SSL) VPN protocol as the initial attack vector.
Despite its promises, OPC UA, a standardized, open source communication protocol often used in industrial settings as a replacement for VPNs, turns out to have a number of vulnerabilities, issues, and potential for exploits. Last week, Tom Tervoort, principal security specialist for Secura, hosted a session at DEF CON 33 dedicated to OPC UA (short for Open Platform Communications Unified Architecture), which was first introduced in 2006.