Hackers target misconfigured proxies to access paid LLM services

Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large ...
SecurityWeek

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Analysis of a recent attack targeting VMware ESXi vulnerabilities from March 2025 revealed an exploit developed a year before ...
CSO Online

CISA flags max-severity bug in HPE OneView amid active exploitation

The flaw allows remote code execution via a public REST API, giving attackers a direct path to compromise enterprise ...
Harvard Business Review

Research: Conventional Cybersecurity Won’t Protect Your AI

As AI embeds itself into every corner of business, most executives continue to underestimate the distinct security risks ...

The 11 runtime attacks breaking AI security — and how CISOs are stopping them

CrowdStrike's 2025 data shows attackers breach AI systems in 51 seconds. Field CISOs reveal how inference security platforms ...
SecurityWeek

‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT

ChatGPT vulnerabilities allowed Radware to bypass the agent’s protections, implant a persistent logic into memory, and ...
The Hacker News

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian-linked APT28 ran credential-harvesting attacks in 2025 using fake Microsoft, Google, and VPN login pages, PDF lures, ...

This 'ZombieAgent' zero click vulnerability allows for silent account takeover - here's what we know

In December 2025, a feature called Connectors finally moved out of beta and into general availability. This feature allows ChatGPT to connect to numerous other apps, such as calendars, cloud storage, ...

The hidden risk of public WiFi: How a single approval wiped a crypto wallet

A trader lost $5,000 after using hotel WiFi and approving a “benign” wallet request. The case shows how public networks and ...