DoorDash has disclosed a recent cybersecurity incident involving unauthorized access to certain user data following a social engineering attack targeting one of its employees. According to Doordas, they quickly identified the issue, cut off the unauthorized access, and began an review with support from external security experts and authorities. The information accessed was limited to

Continue Reading

Adobe has recently published a batch of security updates affecting many of its most widely used Creative Cloud applications. The patches, released earlier this week, address several critical vulnerabilities with most involving flaws that could allow attackers to run malicious code if a user opened a compromised file. While Adobe states that no active attacks

Continue Reading

A new AI processing platform, Private AI Compute, has been released by Google. Designed to provide cloud-based AI capabilities while maintaining data privacy standards typically associated with on-device processing, the platform aims to enable more advanced AI experiences using Gemini models while keeping user data isolated from access. Platform Architecture and Security Design Private AI

Continue Reading

CVE-2025-12779 addresses improper token handling that could expose user sessions to local attackers https://aws.amazon.com/security/security-bulletins/AWS-2025-025/ Patch Status PATCHED – Amazon Web Services (AWS) has released a fix for this vulnerability. Users should upgrade to Amazon WorkSpaces client for Linux version 2025.0 or later immediately. Vulnerability Overview Amazon’s AWS (Amazon Web Services) disclosed and patched a security

Continue Reading

Cybersecurity researchers at Microsoft have identified a critical vulnerability that could allow attackers to determine conversation topics with AI chatbots, even when communications are fully encrypted. Microsoft’s Defender Security Research Team has disclosed a novel side-channel attack, dubbed “Whisper Leak,” that targets remote language models. The attack exploits patterns in network traffic to infer sensitive

Continue Reading

Tenable Research has disclosed multiple vulnerabilities in OpenAI’s ChatGPT that could allow attackers to steal private information from users’ memories and chat history without their knowledge. The vulnerabilities, discovered through months of investigation and responsibly disclosed in March 2024, have since been fully patched by OpenAI. The vulnerabilities center around prompt injection, a known weakness

Continue Reading

QNAP has released security updates addressing multiple critical vulnerabilities in several of its applications, including a severe SQL injection flaw in QuMagie, the company’s photo management application for network-attached storage (NAS) devices. SQL injection occurs when an attacker can insert malicious code into database queries, potentially allowing them to view, modify, or delete data they

Continue Reading