Blog
-
Lenovo’s Lena AI Chatbot Is a Cautionary Tale About Rapid Adoption
Researchers found that asking the AI chatbot for information about a particular product was the entry point for this attack. The chatbot can be told to output its reply in HTML, JSON and plain text in a specific order that can then be fed back to it as instructions.
-
Privacy Regulator’s Suit Could Mean Possible Huge Penalties for Optus Over 2022 Data Breach
Australia’s rules provide for fines of up to AUD 2.2 million per impacted customer. And the privacy regulator is seeking to treat each of the about 9.5 million Optus customers as an individual data breach for fine purposes, as it looks to make examples of some of the largest breach victims believed to have been…
-
WhatsApp Cracks Down, Bans 6.8M Scam Accounts
Meta indicates that WhatsApp has spent the first half of 2025 taking out some 6.8 million scam accounts. While that’s an eye-popping number, it is commensurate with an explosion of social media fraud that has made it one of the most popular (and lucrative) forms of cyber crime in recent years.
-
New IBM Cost of Data Breach Report: Costs Down Globally, But Control of AI is Key
The 2025 IBM Cost of Data Breach Report is out, and it leads with something that would usually be a piece of good news: global data breach costs are down for the first time in five years. There are a couple of big asterisks attached to this news, however.
-
Google Reports Salesforce Hack, ShinyHunters Plans to Launch Data Breach Site
Google’s own Salesforce hack involved the contact information of an unspecified number of small to medium businesses and was not considered a serious issue as the tranche of data was “largely public” anyway. The company did not disclose the data breach until two months after it began warning about the ShinyHunters campaign, however.
-
Nvidia Denounces Backdoors as China Makes Accusations About AI Chips
China’s Cyberspace Administration grabbed headlines recently when it accused Nvidia of putting backdoors in the series of AI chips that it is approved to sell there.
-
Search Engines Picking Up ChatGPT Conversations is the Latest Privacy Surprise for LLM Users
A cache of about 100,000 ChatGPT conversations that made their way to Google’s index is the latest surprise appearance of LLM exchanges in public. While OpenAI claims that users were properly informed, it has also since disabled the feature and is talking to search engines about de-indexing the conversations that they picked up.
-
Have ShinyHunters and Scattered Spider Teamed Up? New Cyber Attack Attributions Paint a Complex Picture
Misattribution of some ShinyHunters cyber attacks to Scattered Spider, such as the early July attack on Qantas, stems from the fact that the group was known to be targeting that industry at that time and the fact that some key details were not available to the public.
-
Browsers are Wide Open to LLM Prompt Injection Attacks
The “Man In The Prompt” prompt injection attacks consist of two proof-of-concept hacks that compromise ChatGPT and Google Gemini. Nearly all of the major LLM models are similarly vulnerable, however, and may be plugged into a broad assortment of data that attackers could trivially steal without being detected.
-
First Drones, Then Cyber Attacks; Aeroflot Under Siege From Ukrainian Hackers
The group Silent Crow took credit for a recent attack on major regional airline Aeroflot, an apparent ransomware attack that caused a rash of flight cancellations and delays. The hackers claim that they spent a year reconnoitering and planning the Aeroflot cyber attack while having a foothold in their systems.