Collaboration instruments are a staple within the trendy workforce. The keystone to getting work completed, group collaboration instruments similar to Slack, Groups, Zoom, Trello, Notion and Google Workspace allow staff far and extensive to message one another, share paperwork and information, talk in actual time by way of voice and video conferencing, and observe assignments.
However what occurs when these instruments that enhance productiveness and enhance staff’ focus turn into a safety menace?
Mimecast’s “The State of Human Danger 2025” discovered that 79% of safety leaders assume collaboration instruments pose new threats, and 61% claimed their group expects to expertise a breach associated to a collaboration instrument.
This week’s featured information focuses on two assaults associated to distinguished enterprise collaboration instruments, in addition to new vulnerabilities within the already security-problematic ChatGPT.
Nikkei suffers main slack information breach
Japanese media conglomerate Nikkei Inc. on Wednesday disclosed a knowledge breach affecting greater than 17,000 worker Slack accounts.
The incident occurred when an worker’s private laptop was contaminated with malware, resulting in the theft of their Slack authentication credentials. Attackers used these credentials to achieve unauthorized entry to the corporate’s Slack workspace, exposing names, electronic mail addresses and chat histories of staff and enterprise companions.
The breach was found in September, prompting fast safety measures, together with password modifications.
Groups flaws allow message manipulation and govt impersonation
Verify Level Analysis found 4 essential vulnerabilities in Microsoft Groups that allow attackers to govern messages, spoof notifications and impersonate executives. For instance, attackers can edit messages with out leaving “edited” labels, alter message notifications to look from totally different senders, change show names in personal chats and alter caller identities in video and audio calls.
The vulnerabilities have an effect on Groups’ 320-plus million customers and pose important dangers for enterprise electronic mail compromise and social engineering assaults.
Microsoft has addressed the problems via a number of fixes, with the newest updates accomplished final month specializing in audio and video message issues. The invention highlights rising issues about refined assaults focusing on company executives and privileged accounts via manipulation of trusted communication platforms.
Learn the complete story by David Jones on Cybersecurity Dive.
ChatGPT vulnerabilities allow information theft and consumer manipulation
Tenable researchers found seven essential vulnerabilities in OpenAI’s ChatGPT that would expose thousands and thousands of customers to privateness breaches and manipulation assaults.
The issues stem from how ChatGPT and SearchGPT course of exterior net content material, enabling attackers to inject malicious prompts via weblog feedback, poisoned search outcomes and specifically crafted URLs. Key assault strategies embody oblique immediate injection by way of trusted web sites, one-click exploitation via malicious ChatGPT URLs and zero-click vulnerabilities.
The issues allow attackers to exfiltrate personal chat histories, bypass security filters and create persistent entry. Whereas reported to OpenAI in April, many points stay unresolved, highlighting ongoing safety challenges in massive language fashions and the necessity for enterprise warning when integrating AI chatbots.
Learn the complete story by Jai Vijayan on Darkish Studying.
Editor’s observe: An editor used AI instruments to help within the technology of this information temporary. Our professional editors at all times evaluation and edit content material earlier than publishing.
Sharon Shea is govt editor of Informa TechTarget’s SearchSecurity website.
