OpenAI is fighting a court order that would force it to hand over 20 million anonymized ChatGPT conversations as part of the New York Times’ copyright lawsuit, Reuters reports. In a filing on Wednesday, the company warned that complying would expose private user chats that have nothing to do with the case, calling it a “speculative fishing expedition.” Reuters said OpenAI argued 99.99% of the requested logs bear no relevance to the copyright claims. The Times and other outlets say they need the chats to test whether their articles were reproduced and to counter OpenAI’s allegation that they “hacked” the model…
Kirsten Doyle
UK insurers paid out nearly £200 million to help businesses recover from cyber incidents last year, according to new figures from the Association of British Insurers (ABI). This is a steep increase that highlights the growing impact of digital threats on the UK economy. The ABI’s latest data shows £197 million was paid out in 2024, a 230% increase year-on-year, with payouts up £138 million from 2023. More than half of all claims (51%) were linked to malware and ransomware, compared with 32% a year earlier, evidence of how increasingly sophisticated attacks are inflicting greater operational and financial damage. The…
Cybercrooks are getting an upgrade. KnowBe4 Threat Lab has uncovered Quantum Route Redirect, a new phishing platform that’s upping the ante by making sophisticated attacks almost effortless to launch. The tool, now circulating globally, streamlines what was once a technically complex phishing setup into a single click. Attackers using it can automatically evade certain email security filters, impersonate trusted brands, and harvest Microsoft 365 credentials at scale.
The Impact is Spreading Fast
Analysts first detected Quantum Route Redirect in August through KnowBe4’s PhishER Plus and Defend platforms. Since then, it’s been linked to phishing campaigns spanning 90 countries. Most victims…
A new phishing campaign uncovered by analysts at sekoia.io is exploiting the hospitality industry at scale, targeting both Booking.com partners and their guests in a sophisticated, multi-stage fraud scheme. Codenamed “I Paid Twice,” the operation combines infostealing malware, social engineering, and payment fraud, effectively turning compromised hotel accounts into launchpads for attacks against unsuspecting travellers.
Hotels as the First Breach Point
The campaign, active since at least April 2025, begins with spearphishing emails sent from compromised Booking.com partner accounts. These messages, often referencing genuine reservation IDs or guest requests, are convincing because they draw directly on real booking data that…
Microsoft has identified a new kind of side-channel attack capable of exposing the topics of encrypted conversations with remote language models, even when protected by Transport Layer Security (TLS). Dubbed a streaming inference attack, the method allows an observer with access to network traffic (such as an ISP, local network monitor, or malicious actor on public Wi-Fi) to infer what a user is talking about with an AI system. The discovery underscores the growing privacy stakes around AI-powered chatbots now woven into everything from customer service to legal and healthcare assistance. Even with end-to-end encryption in place, network-level observers can…
The OWASP Top 10, the benchmark list of the most critical web application security risks, is back for its 8th edition, and the 2025 update tells a story: the fundamentals still matter, but the ecosystem has changed. Broken Access Control once again takes the top spot. It’s the flaw behind countless breaches, users seeing or doing things they shouldn’t. Nearly 4% of tested applications had at least one such weakness. Security Misconfiguration jumps from #5 to #2, reflecting how modern apps increasingly rely on complex configurations that can be easily mismanaged. A single toggle or default left open can expose…
ClickFix attacks have exploded over the last year, evolving into one of the most effective forms of social engineering seen in the wild. By convincing users to copy and run malicious code on their own devices, bad actors have turned one of the oldest trust mechanisms in computing (copy-and-paste) into a weapon. At Push Security’s recent threat briefing in London, researchers showcased the most sophisticated ClickFix page observed to date. It’s a glimpse into how fast these attacks are developing, and how far they’ve come from crude proof-of-concepts just a year ago.
A New Level of Deception
The standout example…
A new cybercrime alliance is taking shape. The emerging collective (combining three of the most notorious groups, Scattered Spider, LAPSUS$, and ShinyHunters) has launched no fewer than 16 Telegram channels since 8 August. In a new advisory, Trustwave SpiderLabs says the group, now dubbed Scattered LAPSUS$ Hunters (SLH), is positioning itself as a federated collective. It’s a shift from earlier hints of tactical cooperation to something a lot more structured and persistent. “Since its debut, the group’s Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle…
Trust has always been the glue of digital collaboration, but new research shows it can also be the weak link. Check Point Research has uncovered multiple vulnerabilities in Microsoft Teams that could allow bad actors to impersonate executives, alter chat history, and spoof notifications, all without detection. With over 320 million active users, Teams has become a key channel for business communication, powering meetings, decisions, and day-to-day teamwork across organizations. But these new findings highlight how attackers can exploit the very trust that makes these platforms work. “Trust alone isn’t a security strategy,” the researchers warned. “Collaboration tools are now…
Google is rolling out an enhanced autofill feature for Chrome designed to make filling out online forms faster and easier, but security experts are urging caution. According to Google’s announcement, the new version of autofill will go beyond storing basic data like names and addresses. Chrome will now be able to save and automatically populate sensitive details such as driver’s license numbers, passport information, and vehicle VINs, with Google emphasizing that privacy and control remain central. “We’ve designed enhanced autofill to be private and secure. When you enter relevant info into a form, Chrome will save this data only with your…
