Github Copilot Chat Prompt Injection via Filename
Github Copilot Chat Prompt Injection via Filename A prompt injection vulnerability exists in Github Copilot Chat version 0.28.0. We have verified this vulnerability is...
Google Cloud Platform (GCP) Google Security Operations SIEM Tenant Service Account of the SecOps...
Google Cloud Platform (GCP) Google Security Operations SIEM Tenant Service Account of the SecOps Instance Access Token Leak Tenable Research has identified and responsibly...
Google Cloud Platform (GCP) Google Security Operations IDE Code Execution Protection Bypass
Google Cloud Platform (GCP) Google Security Operations IDE Code Execution Protection Bypass Tenable Research has identified and responsibly disclosed a safety mechanism bypass vulnerability...
[R1] Tenable Identity Exposure Version 3.77.14 Fixes Multiple Vulnerabilities
Tenable Identity Exposure Version 3.77.14 Fixes Multiple Vulnerabilities Arnie Cabral Mon, 11/03/2025 - 09:50
Tenable Identity Exposure leverages third-party software to help provide...
WordPress – Ultimate Dashboard exposed API Key
WordPress - Ultimate Dashboard exposed API Key Ultimate Dashboard allows to replace the default WordPress dashboard widgets with your own and give the WordPress...
Knee-jerk corporate responses to data leaks protect brands like Qantas — but consumers are...
When courts ban people from accessing leaked data – as happened after the airline’s data breach – only hackers and scammers winFollow our Australia...
Datadog threat roundup: Top insights for Q3 2025
Threat insights from Datadog Security Labs for Q3 2025. - Read more
Learnings from recent npm supply chain compromises
A look at recent npm supply chain compromises and how we can learn from them to better prepare for future incidents. - Read...
Dell Storage Manager Multiple Vulnerabilities
Dell Storage Manager Multiple Vulnerabilities CVE-2025-43995: Authentication Bypass in DSM Data Collector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear...
Google Cloud Platform (GCP) Dialogflow Service Agent Token Leak and Abuse Through Conversational Agents
Google Cloud Platform (GCP) Dialogflow Service Agent Token Leak and Abuse Through Conversational Agents Tenable Research has identified and responsibly disclosed a critical privilege...
Latest article
Oracle PeopleSoft Zero-Day
What is the Attack? Google Threat Intelligence Group (GTIG) and Mandiant...
Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection
A new and stealthy backdoor named Mistic has been quietly targeting corporate networks since April 2026, disguising itself using the names and appearance of...
Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs
Amazon Web Services (AWS) recently announced support for resource-based policies and resource control policies (RCPs) for AWS Sign-In. By using resource-based policies and RCPs,...
Healthcare Vendor Xsolis Reports Breach Affecting 1.4M People
Xsolis confirmed a healthcare data breach affecting nearly 1.4 million people after a phishing attack exposed health and identity data.
The post Healthcare Vendor Xsolis...
