879 matches found
Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send...
Malicious code in @lexisnexisrisk/insider-threat-platform (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dae189d0977c5458ccfe6ac903cf5014acf0e73277c22ad68edf683813066398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6629 Malicious code in @lexisnexisrisk/insider-threat-platform (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dae189d0977c5458ccfe6ac903cf5014acf0e73277c22ad68edf683813066398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-210212
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...
EUVD-2025-210211
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...
CVE-2025-15642
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...
CVE-2025-15641
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...
1 in 8 employees have sold company logins or know someone who has
UK anti-fraud non-profit Cifas just published research that should bother anyone who runs a business, or buys from one: One in eight workers at large enterprises have either sold their company login credentials or know someone who did. The internet is awash with compromised credentials that...
Insider Betting on Polymarket
Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets--defined as wagers of $2,500 or more at odds of 35 percent or less--on the platform had an average win rate of around 52 percent in markets...
Hacking Polymarket
Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside for one, it facilitates assassination, one of the issues with making this work is the verification of these real-world events. Polymarket gamblers have...
2 US Cybersecurity Experts Jailed for Aiding ALPHV (BlackCat) Ransomware
Two US cybersecurity experts jailed for aiding BlackCat ransomware group, extorting victims worldwide and exploiting insider access for profit...
Kraken Exchange Faces Extortion After Insider Recorded System Footage
Kraken exchange faces extortion after a staff member misused access to record internal systems, about 2,000 accounts affected, no funds or systems breached...
S3CDM: A Secret-Sharing-Scheme-Based Cyberattack Detection Model and Its Simulation Implementation
We design and develop a secret-sharing-scheme-based cyberattack detection modelS3CDMthat can detect unauthorized or illegal activities especially insider attacks and protect sensitive information within complex network infrastructures of large organizations. The model splits a secret among a grou...
30,000 private Facebook images allegedly downloaded by Meta employee
Every tech company tells you your data is safe. They've hopefully got encryption, access controls, and zero-trust architectures—the whole glossy security brochure. And then someone on the inside writes a script to steal your private photos anyway. That's what a former Meta employee based in Londo...
OrgForge-IT: A Verifiable Synthetic Benchmark for LLM-Based Insider Threat Detection
Synthetic insider threat benchmarks face a consistency problem: corpora generated without an external factual constraint cannot rule out cross-artifact contradictions. The CERT dataset -- the field's canonical benchmark -- is also static, lacks cross-surface correlation scenarios, and predates th...
Hardening Confidential Federated Compute against Side-Channel Attacks
In this work, we identify a set of side-channels in our Confidential Federated Compute platform that a hypothetical insider could exploit to circumvent differential privacy DP guarantees. We show how DP can mitigate two of the side-channels, one of which has been implemented in our open-source...
New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation
As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration. After all, data leaders are aware of the notion that: Your AI is only as good as your data. Organizations are skeptical about AI transformation due to concerns of sensitive data...
New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation
As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration. After all, data leaders are aware of the notion that: Your AI is only as good as your data. Organizations are skeptical about AI transformation due to concerns of sensitive data...
EUVD-2026-8913
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. user-environments.resolver.ts:82-109, updateUserEnvironment mutation uses @UseGuardsGqlAuthGuard but is missing the @GqlUser...
CVE-2026-25308
Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through = 4.6.9...