This daily threat summary highlights a significant surge in reconnaissance scans targeting Palo Alto Networks portals, signaling potential future attacks. Additionally, Discord has disclosed a data breach exposing user information via a third-party compromise, and a novel ‘CometJacking’ attack demonstrates new risks in AI-powered browsers. These incidents underscore the evolving threats to network infrastructure, user data, and emerging technologies.
Top 3 Critical Security Alerts
- Massive surge in scans targeting Palo Alto Networks login portals: Threat actors are conducting widespread reconnaissance against Palo Alto Networks login portals, with scanning activity increasing by 500%, indicating preparation for potential attacks. Read more
- Discord discloses data breach after hackers steal support tickets: Discord has confirmed a data breach originating from a compromised third-party support agent, exposing user PII, partial payment info, and government-issued IDs from support tickets. Read more
- CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief: Researchers have detailed a new prompt injection attack, “CometJacking,” that can compromise Perplexity’s Comet AI browser with a single malicious link to steal sensitive data from connected services. Read more
Security Breaches & Incidents
- Event startup Partiful wasn’t stripping GPS locations from user-uploaded photos: The event planning app Partiful exposed granular GPS location data from user-uploaded photos, a privacy flaw that has since been fixed after being reported. Read more
- A breach every month raises doubts about South Korea’s digital defenses: A consistent string of data breaches in South Korea is raising significant concerns about the nation’s cybersecurity posture and its ability to protect its advanced digital infrastructure. Read more
Cloud & Network Security
- Massive surge in scans targeting Palo Alto Networks login portals: Threat actors are conducting widespread reconnaissance against Palo Alto Networks login portals, with scanning activity increasing by 500%, indicating preparation for potential attacks. Read more
Emerging Security Technologies
- CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief: Researchers have detailed a new prompt injection attack, “CometJacking,” that can compromise Perplexity’s Comet AI browser with a single malicious link to steal sensitive data from connected services. Read more
- Anker offered Eufy camera owners $2 per video for AI training: Anker’s Eufy brand solicited customer videos for AI training in exchange for a small payment, raising privacy concerns about how user surveillance data is collected and utilized. Read more
Security Tools & Best Practices
- ICE wants to build a 24/7 social media surveillance team: U.S. Immigration and Customs Enforcement (ICE) is planning to hire contractors for round-the-clock social media surveillance to identify individuals for deportation, expanding its digital monitoring capabilities. Read more
