Zero-Click

2 minute read

LANDFALL Spyware Targeted Samsung Galaxy Phones via Malicious Images

Unit 42 discovered LANDFALL, commercial-grade Android spyware, which used a hidden image vulnerability (CVE-2025-21042) to remotely spy on Samsung Galaxy users via WhatsApp. Update your phone now.

byDeeba Ahmed

November 10, 2025

New ChatGPT Vulnerabilities Let Hackers Steal Data, Hijack Memory

2 minute read

Security

New ChatGPT Vulnerabilities Let Hackers Steal Data, Hijack Memory

Seven vulnerabilities in ChatGPT (including GPT-5) allow attackers to use '0-click' and 'memory injection' to bypass safety features and persistently steal private user data and chat history. Tenable Research exposes the flaws.

byDeeba Ahmed

November 6, 2025

2 minute read

Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk

Operant AI reveals Shadow Escape, a zero-click attack using the MCP flaw in ChatGPT, Gemini, and Claude to secretly steal trillions of SSNs and financial data. Traditional security is blind to this new AI threat.

byDeeba Ahmed

October 23, 2025

2 minute read

ShadowLeak Exploit Exposed Gmail Data Through ChatGPT Agent

Radware researchers revealed a service-side flaw in OpenAI's ChatGPT. The ShadowLeak attack had used indirect prompt injection to bypass defences and leak sensitive data, but the issue has since been fixed.

byDeeba Ahmed

September 22, 2025

3 minute read

EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data

Aim Labs uncovers EchoLeak, a zero-click AI flaw in Microsoft 365 Copilot that allows data theft via email. Learn how this vulnerability enables sensitive information exfiltration without user interaction and its implications for AI security.

byDeeba Ahmed

June 12, 2025

2 minute read

NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU

iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals…

byDeeba Ahmed

June 6, 2025

2 minute read

Israeli Spyware Firm Paragon Linked to WhatsApp Zero-Click Attack

WhatsApp recently revealed a targeted spyware campaign linked to the Israeli firm Paragon, which affected 90 individuals, including…

byDeeba Ahmed

February 1, 2025

The Latest

Firebase Misconfiguration Exposes 300M Messages From Chat & Ask AI Users

Mate Security Introduces the Security Context Graph, an Approach to Smarter SOCs

CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities

Cybersecurity Excellence Awards Reveal Nomination Shift from AI Hype to Governance Execution

Zero-Click

LANDFALL Spyware Targeted Samsung Galaxy Phones via Malicious Images

New ChatGPT Vulnerabilities Let Hackers Steal Data, Hijack Memory

Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk

ShadowLeak Exploit Exposed Gmail Data Through ChatGPT Agent

EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data

NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU

Israeli Spyware Firm Paragon Linked to WhatsApp Zero-Click Attack

CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities

Cybersecurity Excellence Awards Reveal Nomination Shift from AI Hype to Governance Execution

Realmo Launches Location Intelligence Engine to Match Vacant Properties with Their Best Use

GitGuardian Raises $50M Series C to Address Non-Human Identities Crisis and AI Agent Security Gap

Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR