data leakage

GitHub’s new Agent HQ and a string of high‑profile AI slipups have pushed a single, urgent message to the front pages of enterprise security teams: the rapid agentification of developer and consumer workflows is exposing brand secrets in ways that traditional data‑protection tooling was not...

AI agents are moving from niche productivity tools to enterprise-grade collaborators, and as GitHub’s new Agent HQ promises to centralize and orchestrate third‑party coding agents, the balance between developer velocity and brand confidentiality has become urgent and precarious. Background AI...

Brands woke up this week to a new and uncomfortable truth: AI agents that were supposed to help employees and customers are increasingly becoming vectors for leaking brand secrets, sensitive customer data, and proprietary IP—and the pace of that risk is accelerating as agentic assistants...

Employees are quietly funneling corporate secrets into consumer chatbots — and this isn't an isolated lapse of judgment so much as a structural blind spot in how modern enterprises use AI-enabled tools. A new security analysis from LayerX finds that nearly half of employees now use generative AI...

As organizations race to exploit generative AI and broaden their third‑party ecosystems, a startling pattern is emerging: mass adoption without adequate visibility is creating a cascade of security, compliance, and financial risks that many firms are poorly equipped to handle. New survey data...

AI is already everywhere in the enterprise — and the biggest short-term risk may be that most employees don’t even realize they’re using it. Background The conversation about AI risk has, until recently, centered on sophisticated threats: algorithmic bias, model explainability, intellectual...

In January, security researchers at Aim Labs disclosed a zero-click prompt‑injection flaw in Microsoft 365 Copilot that demonstrated how a GenAI assistant with broad document access could be tricked into exfiltrating sensitive corporate data without any user interaction—an attack class that...

Google Drive is incredibly convenient—powerful file syncing, real-time collaboration, and tight integration with Gmail and Google Workspace—but that ease of use can quickly turn into a privacy hazard if sharing and account controls are left on autopilot. A short security sweep right now can...

Two parallel announcements from Meta and Microsoft this week — a patched zero-click vulnerability in WhatsApp and a timetable for mandatory multi-factor authentication across Azure — crystallise a single lesson for enterprise security teams: convenience is no longer an acceptable substitute for...

A newly recorded Chromium vulnerability, tracked as CVE-2025-8881, exposes a weakness in the browser’s File Picker implementation that can be coaxed into leaking cross‑origin data when a user is tricked into specific UI gestures on a crafted page; the bug affects Google Chrome builds prior to...

AI browser assistants are quietly sweeping up private, sensitive information from pages users assume are off-limits — including medical records, bank details, academic transcripts, and even social security numbers — according to a new cross‑national audit of the most popular generative-AI...

I nearly fell off my chair when I found screenshots of my ID cards pinned in Windows’ Clipboard history — and that moment is the exact reason I wiped my Clipboard history to protect my identity and sensitive work data. The fix itself is painfully simple (press Windows+V and use the Clear or...

In an announcement that has quickly rippled throughout the IT world, Microsoft has disclosed CVE-2025-53787, an information disclosure vulnerability affecting the Microsoft 365 Copilot BizChat feature. This vulnerability opens a concerning chapter in the evolution of enterprise AI, as...

A recent security vulnerability, identified as CVE-2025-8581, has been discovered in Google Chrome's Extensions component. This flaw could potentially allow remote attackers to leak cross-origin data by persuading users to perform specific actions on a crafted HTML page. Google has addressed...

Tenable has unveiled Tenable AI Exposure, a significant enhancement to its Tenable One platform, designed to provide organizations with comprehensive visibility and control over the use of generative AI tools such as ChatGPT Enterprise and Microsoft Copilot. This development addresses the...

In the ongoing arms race between tech giants, software vulnerabilities are increasingly weaponized not only by cybercriminals but by the vendors themselves in the battle for narrative control. Microsoft’s recent public exposure of a serious macOS security flaw—dubbed "Sploitlight" and tracked as...

Microsoft 365 now sits at the heart of productivity for many organizations, managing everything from email and collaboration to document storage and workflow automation. But as the attack surface of cloud environments expands and regulatory scrutiny mounts, the limitations of native Microsoft...

As organizations march deeper into the era of AI-driven transformation, the paramount question for enterprise IT leaders is no longer whether to adopt artificial intelligence, but how to secure the vast torrents of sensitive data that these tools ingest, generate, and share. The arrival of the...

As of now, there is no detailed reference to CVE-2025-48823 specifically in the major Windows security forums or the provided internal sources. However, based on the vulnerability class and similar recent Windows Cryptographic Services information disclosure issues, a typical scenario involves...

The cybersecurity landscape is once again under heightened scrutiny as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has moved to add two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. This development signals both a persistent threat to federal and...