data leakage

As organizations race to exploit generative AI and broaden their third‑party ecosystems, a startling pattern is emerging: mass adoption without adequate visibility is creating a cascade of security, compliance, and financial risks that many firms are poorly equipped to handle. New survey data...

AI is already everywhere in the enterprise — and the biggest short-term risk may be that most employees don’t even realize they’re using it. Background The conversation about AI risk has, until recently, centered on sophisticated threats: algorithmic bias, model explainability, intellectual...

Two parallel announcements from Meta and Microsoft this week — a patched zero-click vulnerability in WhatsApp and a timetable for mandatory multi-factor authentication across Azure — crystallise a single lesson for enterprise security teams: convenience is no longer an acceptable substitute for...

A newly recorded Chromium vulnerability, tracked as CVE-2025-8881, exposes a weakness in the browser’s File Picker implementation that can be coaxed into leaking cross‑origin data when a user is tricked into specific UI gestures on a crafted page; the bug affects Google Chrome builds prior to...

AI browser assistants are quietly sweeping up private, sensitive information from pages users assume are off-limits — including medical records, bank details, academic transcripts, and even social security numbers — according to a new cross‑national audit of the most popular generative-AI...

I nearly fell off my chair when I found screenshots of my ID cards pinned in Windows’ Clipboard history — and that moment is the exact reason I wiped my Clipboard history to protect my identity and sensitive work data. The fix itself is painfully simple (press Windows+V and use the Clear or...

A recent security vulnerability, identified as CVE-2025-8581, has been discovered in Google Chrome's Extensions component. This flaw could potentially allow remote attackers to leak cross-origin data by persuading users to perform specific actions on a crafted HTML page. Google has addressed...

Tenable has unveiled Tenable AI Exposure, a significant enhancement to its Tenable One platform, designed to provide organizations with comprehensive visibility and control over the use of generative AI tools such as ChatGPT Enterprise and Microsoft Copilot. This development addresses the...

The cybersecurity landscape is once again under heightened scrutiny as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has moved to add two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. This development signals both a persistent threat to federal and...

Major security events in enterprise software rarely unfold in isolation; instead, they are often woven into broader technological trends and industry shifts. Such is the case with the recent disclosure from Asana, the globally popular project management platform, admitting that a critical bug in...

For decades, the fortress-like defense of air-gapped computers—those completely disconnected from external networks—has stood as a cornerstone of security in top-secret governmental agencies, defense contractors, and industries with critical infrastructure. The guiding philosophy was simple: if...

A rapidly unfolding chapter in enterprise security has emerged from the intersection of artificial intelligence and cloud ecosystems, exposing both the promise and the peril of advanced digital assistants like Microsoft Copilot. What began as the next frontier for user productivity and...

The evolution of cybersecurity threats has long forced organizations and individuals to stay alert to new, increasingly subtle exploits, but the recent demonstration of the Echoleak attack on Microsoft 365 Copilot has sent ripples through the security community for a unique and disconcerting...

In a landmark revelation for the security of AI-integrated productivity suites, researchers have uncovered a zero-click data leak flaw in Microsoft 365 Copilot—an AI assistant embedded in Office apps such as Word, Excel, Outlook, and Teams. Dubbed 'EchoLeak,' this vulnerability casts a spotlight...

An unsettling new vulnerability in the Windows ecosystem, identified as CVE-2025-33065, has sent ripples through the IT and security communities. This flaw resides in the Windows Storage Management Provider—a core component tasked with managing and provisioning storage infrastructure across...

An out-of-bounds read vulnerability, newly documented as CVE-2025-33060, has come to light in the Windows Storage Management Provider, posing information disclosure risks for Windows environments. Disclosed by Microsoft in their official Security Update Guide, this vulnerability underscores both...

The rapid integration of artificial intelligence (AI) into business operations has revolutionized productivity and innovation. However, the unsanctioned use of AI tools by employees—often referred to as "shadow AI"—has introduced significant data security risks. This phenomenon exposes...

The discovery of a major Domain Name System (DNS) resolution flaw in Microsoft Azure’s OpenAI service, as documented by Unit 42 researchers in late 2024, cast light on a pivotal but often overlooked aspect of cloud security: the profound risk introduced by misconfigurations—even in managed...

A significant vulnerability in one of the most widely used enterprise database communication protocols has prompted urgent action across the IT landscape, with Oracle’s patch for CVE-2025-30733 shining a spotlight on the persistent risks inherent in legacy technology. With databases lying at the...

The explosive rise of generative AI and large language models has propelled Microsoft Copilot to the forefront of enterprise productivity. While Copilot promises to revolutionize everything from email drafting to real-time meeting insights, this very integration with organizational data...