A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data ...

Reprompt attack hijacked Microsoft Copilot sessions for data theft

Researchers identified an attack method dubbed "Reprompt" that could allow attackers to infiltrate a user's Microsoft Copilot session and issue commands to exfiltrate sensitive data.
Infosecurity Magazine

TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals

TamperedChef creates backdoors and steals user credentials – particularly in organizations reliant on technical equipment ...
InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
The Hacker News

ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories

This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old ...