Cybersecurity

New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes 

New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes 

Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model’s (LLM) safety and content moderation guardrails with just a single character change.
“The TokenBreak attack targets a text classification model’s tokenization strategy to induce false negatives, leaving end targets vulnerable to attacks that the implemented

AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar 

AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar 

AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention.
Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities — API keys, service accounts, OAuth tokens — silently operating in the background.
And here’s

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction 

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction 

A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot’s context sans any user interaction.
The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been already

Non-Human Identities: How to Address the Expanding Security Risk 

Non-Human Identities: How to Address the Expanding Security Risk 

Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap.
Enterprises are Losing Track of Their Machine Identities
Machine identities–service

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks 

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks 

ConnectWise has disclosed that it’s planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns.
The company said it’s doing so “due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool 

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool 

Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts.
The activity, codenamed UNK_SneakyStrike by Proofpoint, has affected over 80,000 targeted user accounts across hundreds of organizations’ cloud tenants since a

Smashing Security podcast #421: Toothpick flirts, Google leaks, and ICE ICE scammers 

Smashing Security podcast #421: Toothpick flirts, Google leaks, and ICE ICE scammers 

What do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the “Smashing Security” podcast obviously.

Graham explains how a Singaporean bug-hunter cracked Google’s defences and could brute-force your full phone number. Meanwhile, Carole dives into a chilling scam where ICE impersonators used fear, spoofed numbers, and… Apple gift cards to extort terrified migrants.

Plus: Nazis, door safety, and the age-old struggle of telling Ralph Fiennes from Liam Neeson.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

NEW CUSTOMERS CALL TODAY: 720.221.6804  |  EXISTING CUSTOMERS REQUIRING SUPPORT: 303.617.6442

X