All news with #data exfiltration tag

🔒 Researchers disclosed two vulnerabilities in OpenAI’s AI stack affecting Codex and ChatGPT. BeyondTrust found a command injection flaw in Codex that let a malicious GitHub branch name execute code inside task containers and expose short-lived GitHub tokens. Check Point Research discovered a hidden outbound channel in ChatGPT’s code execution runtime that could silently transmit chats, uploads, or outputs to an external server. OpenAI patched both issues before public disclosure and researchers warn that autonomous code execution increases long-term risk.

🔒 OpenAI patched two vulnerabilities affecting ChatGPT and Codex that could have allowed covert exfiltration of user data and theft of GitHub tokens. Check Point disclosed a DNS-based side-channel in ChatGPT's Linux execution environment that encoded conversation content into outbound DNS requests, potentially enabling remote shell access. BeyondTrust found a command-injection bug in Codex that allowed branch-name payloads to retrieve GitHub tokens. Both flaws were responsibly disclosed and fixed in February 2026; vendors report no evidence of active exploitation.

🔐 Die Linke says it was hit by a serious cyberattack that it attributes to the hacker group Qilin, possibly Russian‑speaking, and has taken parts of its IT infrastructure offline. Party federal secretary Janis Ehling said attackers appear to be seeking sensitive internal and employee data; the membership database was not compromised. Authorities warned the party as the intrusion was detected, and a criminal complaint has been filed as the party coordinates with security services.

🔐 The FBI warns that Iranian-linked actors, including Handala and a state-associated Homeland Justice group, are using Telegram as command-and-control infrastructure in Windows malware campaigns. Attackers employ social engineering to install malware that exfiltrates screenshots and files from journalists, dissidents, and opposition groups worldwide. The alert followed the seizure of four clearnet domains and references prior disruptive operations such as Handala's attack on Stryker.

🔓 VoidStealer, an information stealer offered as MaaS since mid‑December 2025, uses a debugger-based technique to extract Chrome's v20_master_key directly from memory. The malware starts a suspended, hidden browser process, attaches as a debugger, and waits for the target chrome.dll to load before setting hardware breakpoints on an instruction that references the key. When the breakpoint triggers during startup decryption, VoidStealer reads the register pointer and uses ReadProcessMemory to capture the plaintext key without privilege escalation. Gen Digital reports this is the first infostealer observed in the wild using this approach.

🔍 Enterprises now sit directly in adversaries' collection paths: they may not be primary targets but their shared telecom, cloud, MSP, and identity dependencies are being exploited upstream. Commercial spyware like Predator and state‑aligned groups documented in Singapore's February 2026 telco breaches show how device and backbone compromises create persistent, upstream access. CISOs must assume provider compromise, demand attestation, harden session and identity layers, and shift detection to low‑noise, long‑duration intelligence operations.

🔒 Speagle is a newly identified malware that subverts the client and infrastructure of the legitimate document protection product Cobra DocGuard to harvest and exfiltrate sensitive information while masquerading as normal client-server traffic. Researchers at Symantec and Carbon Black (Broadcom) say the 32-bit .NET binary verifies the DocGuard installation, collects system and browser artefacts, and uses a compromised Cobra server for command-and-control and data theft. Tracked as Runningcrab, the activity appears narrowly targeted to environments running the security software and may stem from a supply-chain compromise; attribution remains unknown.

🔍 Exfiltration Framework examines how attackers repurpose legitimate OS utilities, third-party endpoint tools, and cloud clients to move sensitive data while evading traditional detections. The research shows that static IOCs and tool-blocking strategies are frequently ineffective when adversaries operate inside trusted software and infrastructure. By normalizing execution context, parent-child process relationships, network patterns, forensic artifacts, and destination characteristics, the framework exposes stable behavioral signals that persist despite masquerading, renaming, or relocation. It recommends correlating endpoint, network, and cloud telemetry, applying behavioral baselining, and focusing on cumulative transfer analysis rather than single-event or allow-list approaches.

🔒 Researchers disclosed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries, enabling attackers to create bidirectional command-and-control channels and exfiltrate data via DNS despite a "no network access" setting. BeyondTrust rated the issue 7.5/10 and recommends migrating critical workloads to VPC mode and using a Route53 DNS Firewall. Administrators should audit IAM roles and inventory active interpreters immediately.

🔒 Stryker reported a targeted attack that remotely wiped nearly 80,000 corporate devices by abusing Microsoft admin privileges and issuing remote wipe commands through Intune. The company says the incident was confined to its internal Microsoft environment, did not involve deployed malware, and investigators found no evidence of data exfiltration. Operational impacts include offline electronic ordering systems and manual order processing while recovery continues.

⚠️ Phantom Labs Research demonstrated a DNS-based exfiltration technique targeting the AWS Bedrock AgentCore Code Interpreter that bypasses expected Sandbox Mode network restrictions. Maliciously crafted files (for example, CSVs) can influence generated Python code to use DNS queries as a covert command-and-control channel. In tests, researchers executed commands, enumerated and retrieved S3 content and secrets while the environment still reported network access disabled. AWS says this is intended behavior and updated documentation; organisations should inventory AgentCore instances, tighten IAM roles and move sensitive workloads to VPC mode.

🚨 Pro-Iranian group Handala claimed it wiped over 200,000 devices and exfiltrated 50TB of data from medical device maker Stryker, asserting offices in 79 countries were forced to close. Stryker confirmed a cyber incident causing global disruption to its Microsoft environment but said there is no indication of ransomware and that it believes the incident is contained. Experts warned the attack appears to have leveraged enterprise management tools such as Microsoft Intune, suggesting a credential compromise and tactics consistent with Iranian state-linked activity.

🔒 Endor Labs identified a new PhantomRaven npm campaign wave that published 88 malicious packages across 50 disposable accounts, many using slopsquatting to mimic popular projects and names suggested by LLMs. The packages use Remote Dynamic Dependencies in package.json so malware is fetched from attacker-hosted URLs at install time, exfiltrating .gitconfig, .npmrc, environment variables and CI/CD tokens to C2 servers. Researchers note consistent EC2-hosted 'artifact' domains without TLS, an almost unchanged payload across waves, and 81 packages still available; developers should verify publishers and avoid unvetted AI suggestions.

🔒 Cybersecurity researchers disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have allowed attackers to execute arbitrary SQL and exfiltrate data across Google Cloud projects. Tenable has labeled the set of flaws LeakyLooker; there is no evidence of active exploitation and Google patched the issues after responsible disclosure in June 2025. Affected connectors include BigQuery, Spanner, Google Sheets, PostgreSQL, MySQL and many JDBC-based sources, and several bugs could retain stored credentials or enable one-click data exfiltration via crafted reports.

🔒 Researchers uncovered a campaign in which a threat actor exploited multiple enterprise software flaws to harvest system data and deposit it into a free-trial Elastic Cloud SIEM instance. The attacker used an encoded PowerShell payload to collect OS, hardware, Active Directory and patch details, sending records into an Elasticsearch index named systeminfo. Telemetry showed the trial was registered via a disposable email and accessed repeatedly through Kibana as the operator triaged victims. Huntress coordinated with Elastic and law enforcement to notify affected organisations and take the instance offline.

🔒 Two Google Chrome extensions were modified following apparent ownership transfers, allowing attackers to remotely deliver JavaScript payloads, inject code, and harvest sensitive data from users. The affected extensions — QuickLens (~7,000 users) and ShotBird (~800 users) — changed owners in early 2026 and began polling C2 servers for runtime payloads. The update to QuickLens stripped security headers to bypass cross-origin protections, while ShotBird used a fake Chrome-update lure to pivot from browser compromise to host-level execution. Users should remove these extensions, audit browsers, and enterprises should treat extensions as supply-chain risk.

🔒 Ransomware operators are shifting from noisy, disruptive attacks to covert, long-term intrusions focused on data theft and extortion. Picus Security's Red-Teaming report—based on simulations and analysis of 1.1 million malware files and 15.5 million MITRE-mapped actions—finds most common techniques aim to remain undetected. Adversaries increasingly chain vulnerabilities, route C2 through trusted services like OpenAI and AWS, and favor persistence over immediate encryption, though some vendors dispute a reduction in overall activity.

🔒 TriZetto Provider Solutions, part of Cognizant, disclosed a breach that exposed sensitive health and insurance records for about 3,433,965 individuals. The company detected suspicious portal activity on October 2, 2025, and determined that unauthorized access began on November 19, 2024. Exposed data may include names, addresses, dates of birth, Social Security numbers, Medicare and insurance identifiers, provider and insurer names, and other demographic or health information. TriZetto says no payment card or bank account data were exposed, has engaged external cybersecurity experts, notified law enforcement, alerted providers on December 9, 2025, and began customer notifications in early February 2026; affected individuals are being offered 12 months of credit monitoring and identity protection services from Kroll.

🎓 Ransomware groups have shifted from encrypting files to extortion via stolen data, putting schools and universities at higher risk. Incidents in 2025–2026 include an attack on Sapienza University of Rome in February 2026, a vocational center in Treviso and Blacon High School, causing outages and operational disruption. Affordable, set-and-forget security that blocks phishing links and automatically scans USB devices can materially reduce exposure.

🛡️ Unit 42 details CL-UNK-1068, a cluster observed since 2020 that targets aviation, energy, government, law enforcement, pharmaceutical, technology and telecommunications organizations across South, Southeast and East Asia. The actor deploys web shells (GodZilla, an AntSword variant), performs DLL side-loading with legitimate python binaries, and uses custom scanners and tunneling tools such as FRP. Exfiltration focuses on web configuration files, databases and credentials; defenders should prioritize detections for behavioral anomalies over static IOCs.