seen from United States
seen from United Kingdom
seen from South Korea
seen from Türkiye
seen from United States
seen from United Kingdom
seen from China
seen from Australia
seen from Malaysia
seen from United Kingdom
seen from Türkiye
seen from Bangladesh
seen from Türkiye
seen from Sweden
seen from United States
seen from Canada
seen from United States
seen from Sweden
seen from Yemen
seen from China
Microsoft Copilot Flaw Enables Silent Data Exfiltration via Prompt Injection
A critical Microsoft Copilot vulnerability allowed attackers to inject prompts and exploit rendering behaviour to silently extract emails, documents, and chat data through external requests. Some attacks required no user interaction, while others persisted across sessions using Copilot memory features.
Source: Embrace The Red
Read more: CyberSecBrief
Outlook Add-ins Used for Silent Email Theft
Researchers revealed how malicious Outlook add-ins can quietly siphon email data without triggering audit logs, evading standard Microsoft 365 monitoring.
Source: Varonis Threat Labs
Read more: CyberSecBrief
Warlock Ransomware Exploits SharePoint and Legitimate Tools for Enterprise Attacks
The Warlock group combines SharePoint exploits, DLL sideloading, and custom BYOVD malware to breach networks, exfiltrate data, and deploy ransomware at scale.
Source: Trend Micro
Read more: CyberSecBrief
Popular VS Code AI Tools Secretly Exfiltrate Source Code
Malicious Visual Studio Code extensions quietly siphoned full projects and edits from up to 1.5 million developers.
Source: Koi
Read more: CyberSecBrief
Dissecting the Salesloft Drift Breach
In August 2025, a major cyberattack targeted Salesloft Drift, a conversational marketing and sales engagement platform integrated with Salesforce and numerous other enterprise systems. Attackers exploited compromised OAuth tokens to gain unauthorised access to hundreds of customer instances, exfiltrating sensitive data such as AWS access keys, passwords, Snowflake tokens, and CRM records. Over 700 organisations were potentially affected, including Cloudflare, Google Workspace, PagerDuty, Palo Alto Networks, Proofpoint, SpyCloud, Tanium, and Zscaler. This incident underscores the risks posed by supply-chain attacks in highly integrated SaaS environments.
Source: CyberSecBrief
GemStuffer Turns RubyGems Into Government Data Exfiltration Pipeline
A malicious RubyGems campaign published over 155 packages that scraped UK local government portals and exfiltrated civic data through repackaged .gem archives. Ruby Central was forced to disable new account registrations and throttle platform activity after attackers used hardcoded API tokens to automate large-scale package publishing.
Source: Socket
Read more: CyberSecBrief
Months-Long Adobe Reader Zero-Day Exploited via Malicious PDFs
A stealth Adobe Reader zero-day has been abused for months through weaponised PDFs that steal data, harvest system files, and may deliver remote code execution.
Source: SecurityWeek | Haifei Li
Read more: CyberSecBrief
ChatGPT Flaw Secretly Leaked User Data via DNS
A flaw in ChatGPT’s runtime exfiltrated user messages and files through DNS channels, enabling remote shell access; OpenAI patched the vulnerability on 20 February 2026.
Source: Check Point Research
Read more: CyberSecBrief
