Researchers discovered a vulnerability in ChatGPT that allows the exfiltration of user data, with the attack sending data directly from ChatGPT servers. This exploit, called ZombieAgent, builds on a previous attack known as ShadowLeak and demonstrates the ongoing security challenges in AI chatbots.

This article details a critical vulnerability (CVE-2025-14847) in the zlib library that allows unauthenticated attackers to remotely access sensitive data from MongoDB server memory. By sending malformed packets, attackers can extract private information, including user data and API keys.

A vulnerability in ServiceNow, identified as Count(er) Strike, allows low-privileged users to extract sensitive data due to misconfigured Access Control Lists (ACLs). Discovered by Varonis Threat Labs, the flaw enables users to enumerate restricted data by manipulating queries, potentially exposing sensitive information even in instances with limited access. ServiceNow has introduced new ACL frameworks to mitigate this issue, but organizations are advised to review their existing configurations to ensure data security.