News for today:
- Vulnerability in ChatGPT. After letting OpenAI know first (the responsible disclosure obligation), Radware announced its discovery of ShadowLeak, a previously unknown zero-click vulnerability in ChatGPT Deep Research. The flaw allows attackers to exfiltrate sensitive information from users without any clicks, prompts or visible signs of compromise on the network or endpoint. POC was sending an email to a target user, which resulted in sensitive information being returned to the sender without the user even having to open the email. ShadowLeak operates independently and leaves no network level evidence, making these threats nearly impossible to detect from the perspective of the ChatGPT business customer. Ouch. Radware
- GreyNoise introduced its MCP Server. GreyNoise introduced its Model Context Protocol Server to provide structured access for LLMs and agents to its threat intelligence service. The GreyNoise MCP Server provides AI models and agents with access to accurate, real-time threat intelligence, so they can remain grounded in trusted, up-to-date data as they reason about security issues. Through MCP, agents can query GreyNoise in real-time to determine whether an IP is benign, malicious, suspicious, or unknown, and to identify vulnerabilities actively being exploited in the wild. GreyNoise
- Netwrix on cyberattacks in healthcare. The healthcare sector is under sustained attack, per the new Netwrix 2025 Cybersecurity Trends Report. 48% experienced at least one incident over the past 12 months. Compromised identities are a key root cause: Phishing, ransomware, and user account compromise were the most common attack types reported — threats that frequently begin with stolen credentials. Nearly one-third of respondents (31%) said their organizations had incidents involving compromised user or admin accounts. Netwrix
- Falcon Next-Gen Identity Security. CrowdStrike added new capabilities to its Falcon Next-Gen Identity Security solution. New stuff: FalconID via the Falcon for Mobile app (phishing-resistant, passwordless MFA), enhanced privileged access, and identity-driven case management. Falcon Next-Gen Identity Security was purpose-built with unified initial access, modern privileged access management, identity threat detection and response (ITDR), SaaS identity security, and agentic identity protection to stop identity-driven breaches across domains. CrowdStrike
- OPSWAT in London. OPSWAT opened its new international briefing center and cybersecurity lab in London. In addition to catering for a growing number of employees, the London office will also serve as a hub to train and certify the next generation of critical national infrastructure (CNI) cybersecurity professionals through OPSWAT Academy. OPSWAT
- Tenable Exposure Management Leadership Council. Tenable said its formed a new council to focus on maturing exposure management disciplines. Various CISOs and other cybersecurity leaders have been invited to join. The council has released its first report, too. Tenable
- New Cato PoP in Oslo. Cato opened a new datacenter in Oslo, to extend Cato’s AI-powered network security platform to locations and customers in Norway and the wider Nordics region. Cato Networks