The new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data.
The post New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches appeared first on SecurityWeek.
GitLab patches high severity account takeover, missing auth issues
GitLab has released security updates to address multiple vulnerabilities in the company’s DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. […]
Webcast Video: Rethinking Endpoint Hardening for Today’s Attack Landscape
Learn how attackers hide in plain sight—and what you can do to stop them without slowing down your business.
The post Webcast Video: Rethinking Endpoint Hardening for Today’s Attack Landscape appeared first on SecurityWeek.
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot’s context sans any user interaction.
The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been already
The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been already
‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot
Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot.
The post ‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot appeared first on SecurityWeek.
The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce
It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.
The post The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce appeared first on SecurityWeek.
Non-Human Identities: How to Address the Expanding Security Risk
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap.
Enterprises are Losing Track of Their Machine Identities
Machine identities–service
Enterprises are Losing Track of Their Machine Identities
Machine identities–service
Surge in Cyberattacks Targeting Journalists: Cloudflare
Between May 2024 and April 2025, Cloudflare blocked 109 billion malicious requests targeting organizations protected under Project Galileo.
The post Surge in Cyberattacks Targeting Journalists: Cloudflare appeared first on SecurityWeek.
Windows 11 24H2 emergency update fixes Easy Anti-Cheat BSOD issue
Microsoft has released an emergency Windows 11 24H2 update to address an incompatibility issue triggering restarts with blue screen of death (BSOD) errors on systems with Easy Anti-Cheat. […]
Fog ransomware attack uses unusual mix of legitimate and open-source tools
Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca. […]