Latest news as of 11/15/2025, 9:31:15 PM
Bleeping Computer
Google's AI assistant Gemini is vulnerable to ASCII smuggling, a well-documented attack method that could trick it into providing users with fake information, alter the model's behavior, and silently poison its data. [...]
The Register
Microsoft Copilot, not so much Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.…
Dark Reading
In a recent poll, readers shared how they're using vibe coding in AppDev (if they are at all). While some found success, others found the risks too great.
Bleeping Computer
Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of credential stuffing attacks. [...]
The Hacker News
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. "The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents," Aryaka Threat Research Labs
Dark Reading
Researchers say exploitation of CVE-2025-10035 requires a private key, and it's unclear how Storm-1175 threat actors pulled this off.
Bleeping Computer
The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early August, according to cybersecurity company CrowdStrike. [...]
Bleeping Computer
North Korean hackers have stolen an estimated $2 billion worth of cryptocurrency assets in 2025, marking the largest annual total on record. [...]
The Register
No fraud monitoring and no apology after miscreants make off with medical, financial data Florida-based Doctors Imaging Group has admitted that the sensitive medical and financial data of 171,862 patients was stolen during the course of a November 2024 cyberattack.…
Bleeping Computer
Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen data is unreadable without proprietary tools. [...]