Dark Reading

Fake AI Chrome Extensions Steal 900K Users' Data

Threat actors ripped off a legitimate AI-powered Chrome extension in order to harvest ChatGPT and DeepSeek data before ...
InfoWorld

Open WebUI bug turns the ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...

Grok assumes users seeking images of underage girls have “good intent”

Billed as “the highest priority,” superseding “any other instructions” Grok may receive, these rules explicitly prohibit Grok ...
The Hacker News

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian-linked APT28 ran credential-harvesting attacks in 2025 using fake Microsoft, Google, and VPN login pages, PDF lures, ...
CMU School of Computer Science

Databases in 2025: A Year in Review

The world tried to kill Andy off but he had to stay alive to to talk about what happened with databases in 2025.
Microsoft

Phishing actors exploit complex routing and misconfigurations to spoof domains

Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, ...

Hackers target misconfigured proxies to access paid LLM services

Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large ...