Dataproof Communications

Most enterprise AI initiatives stitch together four to five systems for memory, search, and state. The Elasticsearch Platform handles all of it in one engine — and the architecture is simpler than you think. - Read more

In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from...

“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EFI System Partition (ESP), leaving their systems unprotected by the dozens of patches it contained. This issue affects devices with limited free space...

Apple’s reported Siri revamp may add auto-deleting AI chats as the company prepares a privacy-focused software push at WWDC 2026. The post Apple’s Siri Revamp May Add Auto-Deleting Chats appeared first on TechRepublic. - Read more

Hackers are wasting no time exploiting a newly disclosed critical vulnerability in NGINX, with security researchers already observing real-world attacks just days after its public release. Security researcher Patrick Garrity from VulnCheck revealed that threat actors are actively targeting CVE-2026-42945, a heap buffer overflow flaw affecting both NGINX Open Source and NGINX Plus. The vulnerability has quickly moved from...

For the latest discoveries in cyber research for the week of 18th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Vodafone, a major international telecom, has sustained a source code leak claimed by the Lapsus$ extortion group. The company confirmed limited access to GitHub files through compromised third-party development software, while stating that customer data and core network infrastructure...

Over 200 people were arrested in an anti-cybercrime operation that spanned 13 countries across the Middle East and North Africa - Read more

The security update for Microsoft Teams for Android is not immediately available. Customers running affected Microsoft Teams for would need to install the update to be protected from this vulnerability, once the update becomes available. - Read more

IT threat evolution in Q1 2026. Mobile statistics IT threat evolution in Q1 2026. Non-mobile statistics In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except for the statistics on installation packages, which remained unchanged. To illustrate the differences between the reporting periods,...

Executive Summary We identified a couple of vulnerabilities in AI automation platform Dify resulting in cross-tenant sensitive information disclosure and one-click account takeover. These findings reinforce the pattern we documented in our previous n8n blogpost: even though AI automation platforms are increasingly becoming integration hubs for complex workflows, their security posture still lags behind their rapid evolution and operational importance.  Introduction Dify is an open-source platform for building LLM-powered applications: agents, chatbots, and automated workflows. With over 134,000 GitHub stars and over 10 million docker pulls, it has rapidly become one of the most popular tools in...