< ciso
brief />
Tag Banner

All news with #data exfiltration tag

217 articles · page 6 of 11

Ex-Google Engineers Indicted for Trade Secret Theft

🔒 Three former Google engineers and one spouse were indicted in U.S. federal court for allegedly stealing trade secrets and transferring sensitive files, including materials related to Google's Tensor processor, to unauthorized locations reportedly including Iran. The defendants — Samaneh Ghandali, Mohammadjavad Khosravi and Soroor Ghandali — are accused of exfiltrating documents to third‑party channels, copying files to personal and employer devices, and concealing their actions. They were arrested in San Jose after Google detected suspicious activity and notified law enforcement; the indictment carries multiple counts with significant prison and fine exposures.
read more →

Flaws in Popular IDE Extensions Risk Data Exfiltration

🔒 Researchers at OX Security discovered four vulnerabilities in popular IDE extensions that enable local file access, arbitrary code execution and data exfiltration. Affected platforms include Microsoft Visual Studio Code and forks Cursor and Windsurf, with the vulnerable extensions collectively downloaded over 128 million times. Three of the issues were assigned CVEs after disclosure; one Live Preview flaw was quietly fixed by Microsoft.
read more →

Millions of Chrome Extensions Leak Users' Browsing History

🔍 A security researcher using the pseudonym Q Continuum discovered 287 Chrome extensions that send users' browsing history and related metadata to remote servers. The investigator ran an automated pipeline that launched Chrome in Docker, installed extensions, visited test sites, and captured outgoing traffic to reveal risky behavior across VPNs, proxy tools, coupon and PDF add‑ons, and browser utilities. Many extensions request broad cross‑site host permissions and transmit data in obfuscated or encrypted formats (Base64, ROT47, LZ‑String, even AES‑256 wrapped in RSA‑OAEP), which makes detection harder and can enable corporate espionage or credential harvesting when cookies are included.
read more →

Eurail Data Breach: Stolen Traveler Records Sold on Dark Web

🔒 Eurail B.V. confirmed that customer data stolen in a breach earlier this year is now being offered for sale on the dark web, and a sample dataset was published on Telegram. The company says it is still determining which specific records and how many customers are affected, but reported compromised fields may include full names, passport and ID numbers, IBANs, health details, and contact information. GDPR-required notifications have been filed and non-EU authorities will be informed. Customers are urged to change reused passwords, monitor bank accounts closely, and contact privacyhelp@eurail.com for support and FAQs.
read more →

Leaky Chrome Extensions Exposed Browsing Histories

🔍 An estimated 37 million global installs of Chrome extensions have been found transmitting users’ browsing histories to external servers. Independent researcher 'Q Continuum' identified 287 extensions that sent data closely matching visited URLs during automated simulated browsing. Flagged add-ons spanned VPNs, productivity tools, shopping/coupon helpers and browser utilities, and many obfuscated outbound payloads using base64, ROT47, compression or strong encryption. The researcher warned such exfiltration could expose internal corporate URLs and, where cookies or session data are accessible, enable credential harvesting.
read more →

Crypto Payments Fueling Human Trafficking Networks

💸 Chainalysis reports that cryptocurrency inflows linked to human trafficking surged 85% year-on-year, generating hundreds of millions in revenue. The analysis identifies four crypto-driven trafficking types—international escort services, labor placement agents, prostitution networks and CSAM vendors—often coordinated via Telegram and Chinese-language money laundering (CMLN) networks. Key indicators include large stablecoin conversions, cross-border transfers and concentrated fund flows to trafficking hubs.
read more →

Malicious Chrome Extensions Exfiltrate Business Data

🔒 Researchers uncovered multiple malicious Chrome extensions that exfiltrate sensitive data from business and social media accounts, including a Meta‑focused add‑on named CL Suite that steals TOTP seeds, one‑time codes and Business Manager exports. Other campaigns detailed include a large‑scale VK Styles hijack of VKontakte accounts and the AiFrame cluster of AI‑themed add‑ons that siphon emails and page content. A Q Continuum study also found hundreds of extensions leaking browsing history to data brokers. Experts recommend strict extension controls, frequent audits, and allowlisting to reduce risk.
read more →

Fake AI Chrome Extensions Steal Credentials and Spy

🛡️ Over 260,000 Google Chrome users downloaded fake AI assistant extensions that delivered malicious functionality capable of harvesting credentials, monitoring Gmail and granting remote access to attackers. Researchers at LayerX identified more than 30 malicious extensions—collectively labeled AiFrame—many of which mimicked ChatGPT, Claude, Grok and Gemini and were even featured in the Chrome Web Store, increasing exposure. The campaign used "extension spraying" and a full‑screen iframe that loads remote content to evade detection and exfiltrate data; although many extensions have been removed, affected users remain at risk.
read more →

Romania's Conpet Confirms Data Theft After Qilin Attack

🔒Conpet S.A., Romania's national oil pipeline operator, confirmed that the Qilin ransomware gang exfiltrated company data following a breach of its corporate IT environment. The company said operational systems remained unaffected and it is cooperating with the Romanian National Cyber Security Directorate (DNSC) as investigators assess the incident. Qilin claims nearly 1TB of documents and published a proof sample of 16 images containing internal financial records and passport scans; some files are marked confidential and dated as recently as November 2025. Conpet warned that compromised data may be used for fraud and advised potentially impacted individuals to verify any urgent contact using official channels.
read more →

Attackers Prefer Stealthy Persistence for Extortion

🦠 Picus Security's Red Report 2026 analyzed over 1.1 million malicious files and 15.5 million actions, finding attackers favor stealthy persistence and evasion to silently exfiltrate data for extortion. Process injection accounted for 30% of techniques, while adversaries routed C2 through high-reputation services like OpenAI and AWS and used stolen browser passwords to masquerade as users. The report warns that virtualization/sandbox evasion and increased technique counts make detection more challenging.
read more →

AI Coding Assistants Secretly Exfiltrate Developers' Code

⚠️A new report alleges two popular AI coding assistants, together used by roughly 1.5 million developers, are quietly copying everything they ingest to servers in China. Security researchers say the extensions capture editor content, code snippets, and related telemetry without clear user disclosure. The behavior appears systematic and persistent rather than incidental. Until vendors provide transparent remediation, developers and organizations should avoid unvetted extensions and perform immediate audits and containment.
read more →

Former Google Engineer Guilty of Stealing AI Secrets

🔒 A former Google engineer, Linwei Ding, was convicted by a US federal jury on 14 counts, including economic espionage and theft of trade secrets, after allegedly exfiltrating over 2,000 pages of sensitive AI technical documents. Prosecutors say he copied data into Apple Notes, converted it to PDFs, and uploaded the materials to a personal Google Cloud account to evade DLP controls. The stolen IP involved custom TPU and GPU orchestration software and SmartNIC designs intended for AI supercomputers, and the DoJ alleges Ding planned to support Chinese state-affiliated entities.
read more →

Former Google Engineer Convicted for Stealing AI Data

🔒 A U.S. jury has convicted Linwei Ding, a former software engineer at Google, for stealing confidential AI supercomputer information and covertly sharing it with China-based technology firms. Prosecutors say Ding exfiltrated more than 2,000 pages of proprietary material — including details about TPU and GPU systems, orchestration software, and SmartNIC networking — by uploading files to his personal cloud account between May 2022 and April 2023. He later founded Shanghai Zhisuan Technology Co., sought government talent programs, and was convicted on multiple counts of economic espionage and trade secret theft after an 11-day San Francisco trial.
read more →

Chrome Extensions Inject Affiliate Tags, Steal Tokens

⚠️Researchers discovered a coordinated network of malicious Google Chrome extensions that inject attacker affiliate tags into e-commerce links, scrape product data, and exfiltrate OpenAI ChatGPT authentication tokens. A cluster of 29 add-ons (including Amazon Ads Blocker) targeted Amazon, AliExpress, Best Buy, Shein, Shopify and Walmart. Separate groups intercepted ChatGPT tokens or abused permissions to harvest cookies and clipboard data. Experts warn these behaviors violate Chrome Web Store policies and urge caution when installing extensions requesting broad permissions or combining unrelated features.
read more →

Match Group Breach Exposes Data from Multiple Dating Apps

🔒Match Group confirmed a security incident after the ShinyHunters group leaked 1.7 GB of compressed files allegedly containing about 10 million records from Hinge, Match, and OkCupid, along with internal documents. The company says it terminated unauthorized access, is working with external experts, and believes a limited amount of user data was exposed with no indication that login credentials, financial information, or private communications were accessed. Match Group is notifying affected individuals as appropriate and continuing its investigation.
read more →

Ransomware Data Leaks Surge in Q4 2025 Despite Fewer Groups

🔐 ReliaQuest analysis shows ransomware data leaks rose sharply in Q4 2025, with posts on leak sites up 50% quarter-on-quarter and 40% year-on-year. The researchers found fewer active ransomware groups overall, but top-tier RaaS operators increased their output and speed of execution. Qilin, Akira and Sinobi were the most prolific, with Qilin claiming 450+ victims. ReliaQuest urges stronger controls such as MFA and improved data-exfiltration monitoring to reduce impact.
read more →

Mustang Panda Deploys Updated COOLCLIENT for Data Theft

🚨 Kaspersky reports that China-linked Mustang Panda used an updated COOLCLIENT backdoor in 2025 to exfiltrate data from government targets across Myanmar, Mongolia, Malaysia, and Russia. The implant was deployed as a secondary backdoor alongside PlugX and LuminousMoth, delivered via encrypted loaders and abusing DLL side-loading of legitimately signed binaries. COOLCLIENT harvests keystrokes, clipboard data, files, and HTTP proxy credentials, can establish reverse tunnels, and loads in-memory plugins; recent waves also incorporated browser credential stealers and a previously unseen rootkit.
read more →

Tax Phishing Targets Indian Users to Deliver Blackmoon

🧾 Cybersecurity researchers uncovered a phishing campaign impersonating India's Income Tax Department that delivers a multi-stage backdoor to targeted users. The attackers distribute a ZIP containing an executable that sideloads a malicious DLL, performs anti-analysis checks, and fetches further payloads, ultimately deploying a Blackmoon variant alongside a repurposed SyncFuture TSM RMM tool. The operation employs UAC bypass, process masquerading, antivirus exclusion manipulation, and numerous helper scripts to establish persistent, covert access for long-term monitoring and data exfiltration.
read more →

Malicious VS Code AI Extensions Exfiltrate Developer Data

⚠️ Koi Security researchers uncovered two malicious Microsoft Visual Studio Code extensions marketed as AI coding assistants that also exfiltrate developer files to China-based servers. The extensions — ChatGPT - 中文版 (whensunset.chatgpt-china, 1,340,869 installs) and ChatGPT - ChatMoss(CodeMoss) (zhukunpeng.chat-moss, 151,751 installs) — function normally while encoding every opened file and edits in Base64 and sending them to aihao123[.]cn. The campaign, dubbed MaliciousCorgi, includes remote-triggered bulk exfiltration and a hidden zero-pixel iframe that loads Chinese analytics SDKs to fingerprint users. Remove suspicious extensions, audit workspaces, and follow supply-chain hardening guidance.
read more →

Malicious AI VSCode Extensions Exfiltrate Developer Data

⚠️ Researchers from Koi found two malicious AI-style extensions on the VSCode Marketplace — ChatGPT – 中文版 and ChatMoss — that together have 1.5 million installs and silently transmit developer files to China-based servers. The extensions implement three distinct data-collection methods: real-time file reads and Base64 exfiltration via hidden webviews, a server-controlled file-harvest command that can steal up to 50 files, and a zero-pixel iframe that loads commercial analytics SDKs for fingerprinting and behavioral tracking. At publication both extensions were still available and Microsoft had not responded to inquiries.
read more →