Sponsor of the Day:
Jerkmate
https://www.first.org/global/sigs/dns/stakeholder-advice/detection/infiltration-and-exfiltration-via-the-dns
DNS Abuse Detection: Infiltration and exfiltration via the DNS
dns abuse detectionexfiltration viainfiltration
https://l0.cm/svg_font/poc.php
Data Exfiltration via CSS + SVG Font - PoC (Safari only)
data exfiltrationvia csssvgfontpoc
https://www.mitiga.io/blog/ai-agent-supply-chain-risk-silent-codebase-exfiltration-via-skills
AI Agent Supply Chain Risk: Silent Codebase Exfiltration via Skills
Mitiga Labs shows how a malicious AI agent skill can silently exfiltrate an entire codebase, exposing a new supply chain risk in agentic AI environments.
supply chain riskexfiltration viaagentsilentcodebase
https://simonwillison.net/2024/Aug/20/data-exfiltration-from-slack-ai/
Data Exfiltration from Slack AI via indirect prompt injection
Today's prompt injection data exfiltration vulnerability affects Slack. Slack AI implements a RAG-style chat search interface against public and private data...
via indirect promptdata exfiltrationslack aiinjection
https://www.promptarmor.com/resources/data-exfiltration-from-writer-com-via-indirect-prompt-injection
Data Exfiltration from Writer.com via Indirect Prompt Injection
This vulnerability allows attackers to steal a user’s private documents by manipulating the language model used for content generation.
via indirect promptdata exfiltrationwriterinjection
https://blog.pypi.org/posts/2025-09-16-github-actions-token-exfiltration/
Token Exfiltration Campaign via GitHub Actions Workflows - The Python Package Index Blog
Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your projects.
via github actionspython package indextokenexfiltrationcampaign
https://www.promptarmor.com/resources/data-exfiltration-from-slack-ai-via-indirect-prompt-injection
Data Exfiltration from Slack AI via Indirect Prompt Injection
This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation.
via indirect promptdata exfiltrationslack aiinjection