Dataproof Communications

By: Max Gannon, Intelligence TeamCofense Intelligence relies on over 35 million trained employees from around the world, and a considerable number of analyzed campaigns are written in languages other than English. This report focuses on the URLs embedded in emails that bypassed email security controls like secure email gateways (SEGs) to deliver malware. The URLs that are the focus of...

Detecting software supply chain attacks through runtime security. - Read more

Github Copilot Chat Prompt Injection via Filename A prompt injection vulnerability exists in Github Copilot Chat version 0.28.0. We have verified this vulnerability is present when installed on macOS Sequoia 15.5 with Visual Studio Code 1.101.2 and Github Copilot Chat version 0.28.0 in Agent mode using Claude Sonnet 4.It is possible to create a file name that will be...

Google Cloud Platform (GCP) Google Security Operations SIEM Tenant Service Account of the SecOps Instance Access Token Leak Tenable Research has identified and responsibly disclosed a safety mechanism bypass vulnerability in Google Security Operations. This flaw allowed an attacker to leak the access token of the highly privileged SIEM tenant service account, leading to a significant privilege escalation.This vulnerability...

Google Cloud Platform (GCP) Google Security Operations IDE Code Execution Protection Bypass Tenable Research has identified and responsibly disclosed a safety mechanism bypass vulnerability in Google Security Operations. This flaw allowed an attacker to bypass built-in code execution security restrictions and run arbitrary code on the underlying infrastructure.Google Security Operations' Integrated Development Environment (IDE) is designed to let users...

Tenable Identity Exposure Version 3.77.14 Fixes Multiple Vulnerabilities Arnie Cabral Mon, 11/03/2025 - 09:50 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (.NET, SQL and curl) were found to contain vulnerabilities, and updated versions have been made available by the providers.Out of caution and in line with best practice, Tenable...

WordPress - Ultimate Dashboard exposed API Key Ultimate Dashboard allows to replace the default WordPress dashboard widgets with your own and give the WordPress dashboard a more meaningful use.Since at least version 3.8.3 an exposed MailerLite API key has existed allowing an attacker to interact with the MailerLite API, which could potentially lead to spam, phishing attacks, or other...

When courts ban people from accessing leaked data – as happened after the airline’s data breach – only hackers and scammers winFollow our Australia news live blog for latest updatesGet our breaking news email, free app or daily news podcastIt’s become the playbook for big Australian companies that have customer data stolen in a cyber-attack: call in the lawyers...

Threat insights from Datadog Security Labs for Q3 2025. - Read more

A look at recent npm supply chain compromises and how we can learn from them to better prepare for future incidents. - Read more