Author: Declan Murphy
Johannes Ullrich, dean of analysis on the SANS Institute, stated, “Most definitely, that is an XML Exterior Entity vulnerability.” Exterior entities, he defined, are an XML function that instructs the parser to both learn native recordsdata or entry exterior URLs. On this case, an attacker might embed an exterior entity within the license file, instructing the XML parser to learn a confidential file and embody it within the response. It is a frequent vulnerability in XML parsers, he stated, sometimes mitigated by disabling exterior entity parsing. An attacker would be capable to acquire learn entry to confidential recordsdata like configuration recordsdata,…
Cyble’s 2025 report analyzes Preliminary Entry gross sales, ransomware operations, and knowledge breaches shaping the cyber risk panorama in Australia and New Zealand. The cyber risk surroundings in Australia and New Zealand skilled a new escalation all through 2025, pushed by a surge in preliminary entry gross sales, ransomware operations, and high-impact knowledge breaches. Based on our Risk Panorama Report Australia and New Zealand 2025, risk exercise noticed between January and November 2025 reveals a fancy and commercialized underground ecosystem, the place compromised community entry is actively purchased, offered, and exploited throughout a number of sectors. The risk panorama report identifies a persistent give attention to data-rich industries, with risk actors disproportionately…
The comfort of AI chatbots has include a hidden price for almost one million Chrome customers. On December 29, 2025, cyber risk defence consultants at OX Safety revealed that two common browser extensions have been secretly recording non-public conversations and sending them to exterior servers. This discovery is a part of a disturbing new development that researchers at Safe Annex have named Immediate Poaching, the place attackers particularly goal the delicate questions and proprietary knowledge we feed into instruments like ChatGPT. Malicious Chrome Extensions The 2 instruments on the centre of OX Analysis’s investigation are “Chat GPT for Chrome with…
Jan 08, 2026Ravie LakshmananPrivateness / Synthetic Intelligence Synthetic intelligence (AI) firm OpenAI on Wednesday introduced the launch of ChatGPT Well being, a devoted house that permits customers to have conversations with the chatbot about their well being. To that finish, the sandboxed expertise affords customers the non-obligatory means to securely join medical data and wellness apps, together with Apple Well being, Perform, MyFitnessPal, Weight Watchers, AllTrails, Instacart, and Peloton, to get tailor-made responses, lab check insights, diet recommendation, customized meal concepts, and steered exercise courses. The brand new characteristic is rolling out for customers with ChatGPT Free, Go, Plus, and…
Menace actors are persevering with to refine “quishing” phishing delivered via QR codes by shifting from conventional image-based payloads to “imageless” QR codes rendered immediately in e mail HTML, a tactic designed to sidestep safety instruments that concentrate on decoding QR photographs. QR code abuse just isn’t new, however it stays efficient as a result of the person expertise is frictionless: a fast scan launches a browser session on a cell machine, usually outdoors the protected boundary of company endpoints and e mail inspection workflows. Cloudflare notes that QR phishing regularly bypasses standard defenses as a result of many controls…
Researchers have launched particulars a couple of vital vulnerability that was silently patched in n8n, a platform utilized by many firms to construct LLM-powered brokers and automatic workflows. The flaw can permit unauthenticated attackers to fully take over native n8n deployments, execute instructions on the underlying system, and extract delicate company information workflows sometimes have entry to. “The blast radius of a compromised n8n is huge,” researchers from information safety firm Cyera, who discovered the vulnerability, famous of their report on the vulnerability. “N8n is connecting numerous methods, your organizational Google Drive, OpenAI API keys, Salesforce information, IAM methods, cost…
Safety groups have spent years bettering their means to detect and block malicious bots. That effort stays crucial. Automated visitors now makes up greater than half of all net visitors, and bot-driven assaults proceed to develop in quantity and class. What has modified is the position of respectable bots and the way little visibility most safety groups have into their habits. So-called good bots now account for a big share of automated visitors. Search engine crawlers index content material. AI methods scrape pages to coach fashions and generate responses. Agentic AI is starting to work together with purposes on behalf…
Jan 07, 2026Ravie LakshmananCommunity Safety / Vulnerability A newly found important safety flaw in legacy D-Hyperlink DSL gateway routers has come below energetic exploitation within the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS rating: 9.3), considerations a case of command injection within the “dnscfg.cgi” endpoint that arises because of improper sanitization of user-supplied DNS configuration parameters. “An unauthenticated distant attacker can inject and execute arbitrary shell instructions, leading to distant code execution,” VulnCheck famous in an advisory. “The affected endpoint can also be related to unauthenticated DNS modification (‘DNSChanger’) conduct documented by D-Hyperlink, which reported energetic exploitation campaigns concentrating on…
ESET Analysis has uncovered a major surge in CloudEye malware detections, with a 30-fold improve within the second half of 2025. The safety agency detected greater than 100,000 an infection makes an attempt over the six months, signaling a widespread menace affecting organizations globally. CloudEyE operates as a Malware-as-a-Service (MaaS) downloader and cryptor designed to hide and deploy secondary payloads together with Rescoms, Formbook, and Agent Tesla identified data stealers and distant entry trojans. The proliferation of CloudEyE represents a notable shift in malware distribution ways, leveraging the rising ecosystem of ransomware-as-a-service and malware-as-a-service platforms. By functioning as a stealthy…
“Open WebUI shops the JWT token in localStorage,” Cato researchers mentioned in a weblog put up. “Any script working on the web page can entry it. Tokens are long-lived by default, lack HttpOnly, and are cross-tab. When mixed with the execute occasion, this creates a window for account takeover.”The assault requires the sufferer to allow Direct Connections (disabled by default) and add the attacker’s malicious mannequin URL, based on an NVD description. Escalating to Distant Code Execution The chance doesn’t cease at account takeover. If the compromised account has workspace.instruments permissions, attackers can leverage that session token to push authenticated…