Google Cloud Platform (GCP) Eventarc PE to Service Agent with Pipelines
Tenable Research has identified and responsibly disclosed a critical privilege escalation vulnerability in GCP Eventarc. This flaw allowed an attacker with restricted Eventarc permissions to exfiltrate access tokens for any service account in a project, including the highly privileged Eventarc Service Agent. An attacker with only Eventarc access (roles/eventarc.messageBusUser, roles/eventarc.developer)...
Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files
Researchers say a vulnerability in Perplexity’s Comet AI browser could expose local files and credentials through malicious calendar invites.
The post Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files appeared first on TechRepublic.
Tycoon 2FA Phishing Kit Disrupted by Microsoft, Europol and Partners
Microsoft, Europol, and partners have dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, seizing 330 domains used for credential theft and MFA bypass. This coordinated action disrupts a service active since 2023 that powered tens of millions of phishing emails monthly. Tycoon 2FA enabled cybercriminals to bypass multifactor authentication (MFA) via adversary-in-the-middle (AiTM) techniques, capturing credentials, session tokens, and real-time...
Enhanced access denied error messages with policy ARNs
To help you troubleshoot access denied errors, we recently added the Amazon Resource Name (ARN) of the denying policy to access denied error messages. This builds on our 2021 enhancement that added the type of the policy denying the access to access denied error messages. The ARN of the denying policy is only provided in same-account and...
Coalition of Western Countries Launches 6G Cybersecurity Guidelines
A coalition of seven Western nations has launched guidelines to help integrate security-by-design principles into future 6G standards.
Microsoft Azure Data Explorer Cross-Tenant Data Leak with Custom Dashboard
Tenable Research has identified and responsibly disclosed a critical cross-tenant data exfiltration vulnerability in Azure Data Explorer (ADX). This flaw allowed an attacker to steal private data from a victim's ADX cluster by abusing the "Share Dashboard" feature. The vulnerability exploited a flaw in the cross-tenant dashboard sharing mechanism. An...
Rapid7 and Our Global Partners Are Elevating Security Together
There is a particular kind of energy that fills the room when partners gather with a shared mission. It is part strategy session, part reunion, part blueprint for what comes next. That spirit defined this year’s Rapid7 EMEA Partner Summit in Lisbon, Portugal. And that's exactly what our partners around the world are set to experience at Rapid7’s Global...
Iranian hacktivists muster their forces but state APTs lay low
Hacktivist activity surrounding the Iran war is sky-high but Iran's state-backed cyber espionage actors have yet to show their hands, giving security teams a valuable window of time to shore up their defences.
Mobile malware evolution in 2025
Starting from the third quarter of 2025, we have updated our statistical methodology based on the Kaspersky Security Network. These changes affect all sections of the report except for the installation package statistics, which remain unchanged.
To illustrate trends between reporting periods, we have recalculated the previous year’s data; consequently, these figures may differ significantly from previously published numbers. All...
CVE-2026-28421 Vim has a heap-buffer-overflow and a segmentation fault
Information published.







