Security researchers discovered that Huddle01, a decentralized video-call platform, exposed sensitive user data through an open Kafka server. The leak included email addresses, wallet IDs, and IP metadata raising privacy concerns for blockchain-linked users.
As organisations deploy hundreds of AI agents each year, security teams face unprecedented risk. This article outlines a robust framework to govern AI at scale, align speed with control and embed security from day one.
Microsoft has restricted Internet Explorer (IE) Mode in Edge after discovering it was exploited in targeted attacks. The vulnerability, now patched, allowed threat actors to bypass modern security controls by abusing legacy IE components embedded within enterprise browsers.
China’s Ministry of State Security alleges that the U.S. National Security Agency breached its National Time Service Centre over multiple years. The event signals new exposure for timing infrastructure and escalates global cyber conflict.
A critical vulnerability in the Service Finder Bookings plugin bundled with the Service Finder WordPress theme allows unauthenticated attackers to log in as administrators. The flaw, tracked as CVE-2025-5947, is actively exploited in the wild with a CVSS 9.8 rating. Users must patch immediately to prevent takeovers.
Qualcomm’s Guardian aims to rival Intel vPro with always-on device control via built-in cellular connectivity, but the tradeoff may threaten privacy and trust.
Cybersecurity researchers have exposed GuardCB, a fake Russian antivirus app that hides powerful spyware. The malware, known as Android.Backdoor.916.origin, can spy on calls, texts, passwords, and even live stream audio and video from infected devices. Targeting Russian businesses, the app pretends to run virus scans while secretly exfiltrating sensitive data.
Harrods informed loyalty program members of a data breach tied to a third-party provider. The luxury retailer is investigating and urging customer caution.
Exposed Ollama APIs and a critical NVIDIA Container Toolkit flaw raise the stakes for AI infrastructure. Authenticate Ollama, close public 11434, and patch NCT to stop container escapes. Stream LLM and runtime logs off-box, rotate tokens, and validate least-privilege settings to keep model IP and GPU workers safe.
Agentic AI expands your attack surface because agents read and act on untrusted content. Consequently, indirect prompt injection can hijack tool use, leak data, and trigger risky actions. This guide explains how the attack works, how to detect it, and how to deploy guardrails that actually help at enterprise scale.