Browser Extension Harvests 8M Users’ AI Chatbot Data

Source: Dark Reading

A popular Chrome extension marketed for privacy was quietly collecting and selling content from users’ AI conversations. For SMBs, that is a reminder to restrict browser extensions, enforce allow lists, and review permissions that can capture on-screen data and network traffic.

Link to article

Coupang data breach traced to ex-employee who retained system access

Source: BleepingComputer

Coupang says a former employee kept access after leaving, leading to a breach that exposed tens of millions of customer records. The lesson is basic but vital: tighten offboarding, remove credentials fast, rotate keys, and monitor for lingering access from departed staff and vendors.

Link to article

Nation-State and Cybercrime Exploits Tied to React2Shell

Source: Bank Info Security

Researchers report broad exploitation of the React2Shell flaw by both state actors and profit-driven gangs. Attacks range from cryptomining to DDoS and data theft. If your web apps use affected frameworks, inventory exposure, apply mitigations, and hunt for unusual build or runtime activity.

Link to article

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypasses

Source: The Hacker News

Threat actors are exploiting fresh authentication bypass flaws in FortiGate gear to log in via SSO and move inside networks. Prioritize patches, restrict management exposure, require phishing-resistant MFA, and watch for suspicious SSO events from your firewalls and proxies.

Link to article

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear

Source: SecurityWeek

A new Cisco zero day in Secure Email Gateway and related appliances is under active attack. Compromised gear can lead to deeper access and email tampering. Lock down management interfaces, apply vendor mitigations, and monitor for configuration changes and odd mail routing.

Link to article