Tag
#git
Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without their knowledge. The seven vulnerabilities and attack techniques, according to Tenable, were found in OpenAI's GPT-4o and GPT-5 models. OpenAI has
Norton finds a flaw in the new Midnight ransomware built from Babuk code and releases a free decryptor to help victims recover files without paying a ransom.
Chrome’s enhanced autofill makes storing your passport and ID easy—but convenience like this can come at a high cost.
New AWS report data reveals the top four security failure points in the cloud, including vulnerability exploitation (24%)…
A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been identified as being behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the
The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program," said Under Secretary of
In a bulletin to law enforcement agencies, the FBI said criminal impersonators are exploiting ICE’s image and urged nationwide coordination to distinguish real operations from fakes.
## Summary

The transformation policy template feature in Kgateway versions through 2.0.4 allows users with TrafficPolicy creation permissions to craft transformations that read and expose arbitrary files from the dataplane container filesystem.

## Description

### Impact

Users with permissions to create a TrafficPolicy can create a transformation that returns files from within the dataplane container. While no secrets are mounted to the container by default, users who mount custom volumes to the dataplane should be aware of potential data exposure through this vulnerability. This could allow unauthorized access to:

- Configuration files within the container
- Custom mounted volumes and their contents
- Any files accessible to the dataplane container process

### Patches

Upgrade to version 2.0.5 or 2.1.0. These versions include an updated transformation filter in envoy-gloo that prevents file access through transformation templates.

### Workarounds

If you are not using transforma...
## Summary

The xDS interface in Kgateway versions 2.0.0 through 2.0.4 lacks authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster metadata.

## Description

### Impact

Kgateway xDS interface did not have authorization, so anonymous clients with unrestricted network access could gain access to the xDS data. This could expose sensitive information about your gateway configuration, certificate data, backend services, and routing topology to unauthorized parties.

### Patches

Upgrade to version 2.0.5 or 2.1.0. These versions enable JWT-based authentication for the xDS interface by default, ensuring that only authenticated clients can access the xDS configuration data.

### Workarounds

If immediate upgrade is not possible, NetworkPolicies can be used to block access to kgateway's xDS port, restricting network access to on...
Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication.