Today’s threat landscape is highlighted by a novel phishing technique dubbed ‘CoPhish,’ which leverages Microsoft Copilot agents to steal valuable OAuth tokens. This new attack vector underscores the growing security risks at the intersection of AI and user identity. We are also tracking significant vulnerabilities introduced by emerging AI browser agents and the privacy implications of expanding AI-powered government surveillance. This is what you need to know now.
Top 2 Critical Security Alerts
- New CoPhish attack steals OAuth tokens via Copilot Studio agents: A novel phishing technique weaponizes Microsoft Copilot Studio agents to steal OAuth tokens by delivering fraudulent consent requests through trusted Microsoft domains. Read more
- The glaring security risks with AI browser agents: New AI-powered browsers from OpenAI and Perplexity, while boosting productivity, introduce significant security vulnerabilities like data leakage and prompt injection attacks. Read more
Threat Intelligence
- New CoPhish attack steals OAuth tokens via Copilot Studio agents: A novel phishing technique weaponizes Microsoft Copilot Studio agents to steal OAuth tokens by delivering fraudulent consent requests through trusted Microsoft domains. Read more
Security Breaches & Incidents
- ICE is building a social media panopticon: U.S. Immigration and Customs Enforcement (ICE) is reportedly expanding a massive AI-powered surveillance system to monitor social media and track millions of web users. Read more
- ChatGPT’s memory could turn personal details into ads OpenAI CEO Altman once called dystopian: Concerns are rising that ChatGPT’s new memory features could be used to harvest personal user details for advertising, a practice previously criticized by OpenAI’s CEO. Read more
Security Tools & Best Practices
- MPs urge government to stop Britain’s phone theft wave through tech: UK Members of Parliament are pushing the government to implement technological solutions to combat the rising wave of phone theft across the country. Read more
Emerging Security Technologies
- The glaring security risks with AI browser agents: New AI-powered browsers from OpenAI and Perplexity, while boosting productivity, introduce significant security vulnerabilities like data leakage and prompt injection attacks. Read more
- Junk data from X makes large language models lose reasoning skills, researchers show: Research shows that training large language models on low-quality data can permanently degrade their reasoning capabilities, posing a long-term risk to AI integrity. Read more
