Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

Malicious AI Tools Assist in Phishing and Ransomware Attacks

Dec 5, 2025 By KnowBe4 Team In KnowBe4
Researchers at Palo Alto Networks’ Unit 42 are tracking two new malicious AI tools, WormGPT 4 and KawaiiGPT, that allow threat actors to craft phishing lures and generate ransomware code. These tools are criminal alternatives to mainstream AI tools like ChatGPT, with no safety guardrails to prevent users from using them for malicious activities. The latest version of WormGPT offers lifetime access for $220, or a monthly fee of $50.
Read Post
astra

Prompt Injection Attacks in LLMs: Complete Guide for 2026

Dec 4, 2025 By Keshav Malik In Astra
In February 2023, a Stanford University student conducted a study that turned into one of the most widely followed security tests in AI history. Kevin Liu performed a simple prompt-injection attack, tricking Microsoft Bing Chat into disclosing its internal codename, Sydney, and exposing the entire list of its system prompts. The attack utilized no high-end toolkit, no zero-day, and no privileges, only specially crafted natural language.
Read Post

Server Side XSS Explained Simply with Examples

Dec 4, 2025 By VISTA InfoSec In VISTA InfoSec
Did you know that over 30% of all web application vulnerabilities reported each year involve Cross Site Scripting (XSS)? And among them, Stored or Server Side XSS is consistently ranked as one of the most dangerous forms, because a single injected payload can silently impact hundreds or even thousands of users without any interaction.
View Video
CrowdStrike

Indirect Prompt Injection Attacks: A Lurking Risk to AI Systems

Dec 4, 2025 By John Gamble In CrowdStrike
The rapid adoption of AI has introduced a new, semantic attack vector that many organizations are ill-prepared to defend against: prompt injection. While many security teams understand the threat of direct prompt injection attacks against AI agents developed by their organizations, another more subtle threat lurks in the shadows: indirect prompt injection attacks.
Read Post
knowbe4

Report: Sophisticated Fraud Attacks Are on the Rise

Dec 4, 2025 By KnowBe4 Team In KnowBe4
Sophisticated online fraud techniques are growing more accessible to unskilled attackers, driven by AI tools and fraud-as-a-service platforms, according to Sumsub’s latest Identity Fraud Report. “hile the volume of attacks remains staggering, the nature of fraud is shifting,” the researchers write.
Read Post
WatchGuard Threat Lab's top six cybersecurity predictions for 2026

WatchGuard Threat Lab's top six cybersecurity predictions for 2026

Dec 2, 2025 By WatchGuard In WatchGuard
WatchGuard has revealed its top six cybersecurity predictions for 2026, forecasting a year where AI-driven threats, regulatory pressures, and the decline of legacy tools will reshape the security landscape. Corey Nachreiner, chief security officer at WatchGuard Technologies, emphasises that organisations must prepare for rapid evolution in both attack methods and defensive strategies.
Read Post
Trustwave

Defining and Defending Against a Zero Day Attack

Dec 2, 2025 By Trustwave In Trustwave
Unexpected attacks are the hardest to fend off. In the realm of cyber, Zero Day vulnerabilities are among the greatest risks, as these software flaws are unknown and exploited before a fix is available, potentially compromising the thousands of organizations that are unwittingly using vulnerable software.
Read Post
memcyco

Why Account Takeover Is a CX Problem, Not Just a Security One

Dec 2, 2025 By Julian Agudelo In Memcyco
Account takeover is usually and unsurprisingly approached as a security incident, yet much of the customer impact begins earlier in the journey, long before security teams detect or analyse the event. When users face friction, lockouts, or unexpected changes to their accounts, trust starts to erode. This makes the account takeover impact on customer experience a major determinant of brand trust and loyalty.
Read Post
levelblue

Defining and Defending Against a Zero Day Attack

Dec 2, 2025 By LevelBlue In LevelBlue
Unexpected attacks are the hardest to fend off. In the realm of cyber, Zero Day vulnerabilities are among the greatest risks, as these software flaws are unknown and exploited before a fix is available, potentially compromising the thousands of organizations that are unwittingly using vulnerable software.
Read Post
Why 24/7 Incident Response Is Now a Business Necessity in 2025

Why 24/7 Incident Response Is Now a Business Necessity in 2025

Nov 27, 2025 By SecuritySenses In SecuritySenses
In 2025, businesses operate in a digital environment where cyber threats occur continuously, without regard for time zones, business hours, or team availability. The traditional model of reactive security, where businesses respond only after a breach is detected, is no longer sufficient. Attackers today rely on automation, AI-powered intrusion tools, and global networks of compromised devices that operate around the clock. This means a company that only monitors its systems during office hours is essentially leaving the door open for attackers the remaining sixteen hours of the day.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.