Links
Coinbase reported an insider breach involving a contractor who accessed data of about thirty customers in December. This incident follows the release of internal screenshots by a group called "Scattered Lapsus Hunters," though it's unclear if they were involved in the breach. Coinbase has informed affected users and relevant regulators.
Researchers from Varonis discovered a flaw in Microsoft’s Copilot AI that allowed attackers to steal sensitive user data with a single click. By embedding malicious instructions in a legitimate URL, they extracted information like user names and locations without needing further user interaction. The exploit bypassed standard security measures.
A long-running campaign by a group called ShadyPanda has infected 4.3 million users of Chrome and Edge with spyware hidden in legitimate-looking browser extensions. Some of these extensions, still available on the Edge store, allow attackers to track user behavior and steal sensitive data. Researchers warn that the infrastructure for attacks remains active even after the extensions have been removed.
Hundreds of e-commerce sites have been compromised in a supply-chain attack that allowed malware to execute malicious code in visitors' browsers, potentially stealing sensitive payment information. The attack involved at least three software providers and may have affected up to 1,000 sites, with the malware remaining dormant for six years before activation. Security firm Sansec reported limited global remediation efforts for the affected customers, including a major multinational company.
An Oregon agency has announced that hackers successfully stole sensitive data during a recent cyberattack. The breach has raised concerns about the security of personal information and the measures being taken to protect it moving forward.
The latest version of the 'Crocodilus' Android malware now includes a feature that adds fake contacts to infected devices, allowing attackers to spoof trusted callers and enhance their social engineering tactics. Initially identified in Turkey, the malware has expanded its reach globally and incorporates advanced evasion techniques to avoid detection while stealing sensitive data. Android users are advised to exercise caution and download only from trusted sources to mitigate risks.
Researchers from King's College London warn that large language model (LLM) chatbots can be easily manipulated into malicious tools for data theft, even by individuals with minimal technical knowledge. By using "system prompt" engineering, these chatbots can be instructed to act as investigators, significantly increasing their ability to elicit personal information from users while bypassing existing privacy safeguards. The study highlights a concerning gap in user awareness regarding privacy risks associated with these AI interactions.
Two malicious RubyGems packages masquerading as Fastlane plugins have been discovered, intercepting Telegram API requests to steal sensitive data such as chat IDs, message content, and bot tokens. The packages, which typosquat legitimate Fastlane plugins, redirect data to attacker-controlled servers, posing a significant risk to developers using these tools. Affected users are advised to remove the malicious gems and rotate their bot tokens immediately.