Dataproof Communications

An automated scanning system has cut the time it takes to fix cybersecurity vulnerabilities across public sector IT systems, reducing median remediation time for general cyber vulnerabilities from 53 days to 32, and slashing DNS-specific average fix times from 50 days to eight. The results come from the UK government’s newly launched vulnerability monitoring service...

A high-severity security vulnerability has been discovered in Google Chrome’s integrated Gemini AI assistant, exposing users to unauthorized camera and microphone access, local file theft, and phishing attacks, all without requiring any user interaction beyond launching the browser’s built-in AI panel. Tracked as CVE-2026-0628, the flaw was uncovered by researchers at Palo Alto Networks’ Unit 42 and responsibly disclosed...

For the latest discoveries in cyber research for the week of 2nd March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Wynn Resorts, a United States-based casino and hotel operator, has confirmed that employee data was accessed following an extortion threat linked to ShinyHunters. The company said operations were not disrupted. Reports indicate the stolen dataset includes HR-related information,...

Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS - Read more

As AI agents become part of your development workflows on Amazon Web Services (AWS), you want them to work with your existing AWS Identity and Access Management (IAM) permissions, not force you to build a separate permissions model. At the same time, you need the flexibility to apply different governance controls when an AI agent makes an...

While cyber threat levels remain stable following the outbreak of war in the Middle East at the weekend, at-risk organisations in the UK should take steps now to ward off potential reprisals from Iran-linked threat actors. - Read more

When Anthropic announced Claude Code Security, the market reacted immediately. Several cybersecurity stocks saw sharp drops as speculation spread that AI-powered code security tools could displace traditional security platforms.The narrative moved quickly: AI is replacing AppSec. AI is automating vulnerability detection. AI will make legacy security tooling redundant. The reality is more nuanced. Claude Code Security is a legitimate...

Mark your calendars. The Rapid7 2026 Global Cybersecurity Summit returns May 12–13, bringing together security leaders, practitioners, and industry experts for two days of strategic leadership insight and hands-on operational guidance, designed to equip both decision-makers and defenders to build stronger, more resilient security programs.This year’s theme is Preemptive Security Operations - a shift from reacting to threats to...

Sim Studio AI - Unauthenticated OAuth Token Theft The `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId` and `providerId` parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their user ID and a provider name, effectively stealing credentials to third-party services. Joshua Martinelle Mon, 03/02/2026 - 07:42 ...

Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion The MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data. Joshua Martinelle Mon, 03/02/2026 - 07:29 - Read more