The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated.GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year an...

Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries

The threat actor behind the recently disclosed artificial intelligence AI-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its...

Third-Party Service Secret Disclosure

Most of the web applications rely on various public services to provide features to their users. In secure designs, consuming these private or cloud services will require authentication like API and private keys, username and password based credentials and similar sensitive data. Developers...

EUVD-2022-34117

Malicious code in bioql PyPI...

EUVD-2022-34112

Malicious code in bioql PyPI...

EUVD-2022-34110

Malicious code in bioql PyPI...

EUVD-2022-27408

Malicious code in bioql PyPI...

PT-2025-31923

Name of the Vulnerable Software and Affected Versions NVIDIA Triton Inference Server versions affected versions not specified Description NVIDIA Triton Inference Server for Windows and Linux has an issue where a specially crafted input can cause a stack buffer overflow. Successful exploitation ma...

PT-2025-31924

Name of the Vulnerable Software and Affected Versions NVIDIA Triton Inference Server versions prior to 25.07 Description NVIDIA Triton Inference Server contains a flaw where an attacker can trigger a stack overflow through crafted HTTP requests. Successful exploitation could lead to remote code...

CVE-2022-29789

The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services...

CVE-2022-29791

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services...

CVE-2022-29796

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services...

CVE-2022-22261

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services...

Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence GenAI services in order to produce offensive and harmful content. The campaign, called LLMjacking, ha...

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Not sure this will matter in the end, but it's a positive move: Microsoft is accusing three individuals of running a "hacking-as-a-service" scheme that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content. The foreign-based...

CVE-2024-23654 discourse-ai admin-initiated SSRF when interacting with AI services

discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit...

CVE-2024-23654 discourse-ai admin-initiated SSRF when interacting with AI services

discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit...

Wiz AI-SPM extends support to Microsoft Azure OpenAI Service models

Secure Microsoft Azure AI Services, including Azure OpenAI, with Wiz AI-SPM providing full visibility into AI pipelines and risks on the Wiz Security Graph...

Using Data Loss Prevention to Prevent Data Leakage via ChatGPT

Using Data Loss Prevention to Prevent Data Leakage via ChatGPT By Zak Krider · April 17, 2023 The rapid advancement of Artificial Intelligence AI technology has garnered much attention in recent weeks for its potential to enhance workplace productivity and efficiency. However, this focus on AI...

CVE-2022-29796

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services...