Researchers discovered a vulnerability in ChatGPT that allows the exfiltration of user data, with the attack sending data directly from ChatGPT servers. This exploit, called ZombieAgent, builds on a previous attack known as ShadowLeak and demonstrates the ongoing security challenges in AI chatbots.

This article details a critical vulnerability (CVE-2025-14847) in the zlib library that allows unauthenticated attackers to remotely access sensitive data from MongoDB server memory. By sending malformed packets, attackers can extract private information, including user data and API keys.

Google fixed a serious vulnerability in its Gemini Enterprise AI that allowed attackers to embed malicious instructions in shared documents, leading to unauthorized access to sensitive corporate information. This flaw, discovered by Noma Labs, exploited the AI's retrieval system to execute commands without employee interaction.

A new zero-click vulnerability named 'EchoLeak' has been discovered in Microsoft 365 Copilot, allowing attackers to exfiltrate sensitive data without user interaction. Although Microsoft has fixed the issue and there is no evidence of real-world exploitation, the flaw highlights significant risks associated with AI-integrated systems and emphasizes the need for improved security measures against such vulnerabilities.

A vulnerability in ServiceNow, identified as Count(er) Strike, allows low-privileged users to extract sensitive data due to misconfigured Access Control Lists (ACLs). Discovered by Varonis Threat Labs, the flaw enables users to enumerate restricted data by manipulating queries, potentially exposing sensitive information even in instances with limited access. ServiceNow has introduced new ACL frameworks to mitigate this issue, but organizations are advised to review their existing configurations to ensure data security.