News brief: Collaboration apps face security scrutiny -- again
Check out the latest security news from the Informa TechTarget team.
Collaboration tools are a staple in the modern workforce. The keystone to getting work done, team collaboration tools such as Slack, Teams, Zoom, Trello, Notion and Google Workspace enable employees far and wide to message each other, share documents and files, communicate in real time via voice and video conferencing, and track assignments.
But what happens when those tools that boost productivity and improve employees' focus become a security threat?
Mimecast's "The State of Human Risk 2025" found that 79% of security leaders think collaboration tools pose new threats, and 61% claimed their organization expects to experience a breach related to a collaboration tool.
This week's featured news focuses on two attacks related to prominent enterprise collaboration tools, as well as new vulnerabilities in the already security-problematic ChatGPT.
Nikkei suffers major Slack data breach
Japanese media conglomerate Nikkei Inc. on Wednesday disclosed a data breach affecting more than 17,000 employee Slack accounts.
The incident occurred when an employee's personal computer was infected with malware, leading to the theft of their Slack authentication credentials. Attackers used these credentials to gain unauthorized access to the company's Slack workspace, exposing names, email addresses and chat histories of employees and business partners.
The breach was discovered in September, prompting immediate security measures, including password changes.
Teams flaws enable message manipulation and executive impersonation
Check Point Research discovered four critical vulnerabilities in Microsoft Teams that enable attackers to manipulate messages, spoof notifications and impersonate executives. For example, attackers can edit messages without leaving "edited" labels, alter message notifications to appear from different senders, change display names in private chats and change caller identities in video and audio calls.
The vulnerabilities affect Teams' 320-plus million users and pose significant risks for business email compromise and social engineering attacks.
Microsoft has addressed the issues through multiple fixes, with the most recent updates completed last month focusing on audio and video message problems. The discovery highlights growing concerns about sophisticated attacks targeting corporate executives and privileged accounts through manipulation of trusted communication platforms.
ChatGPT vulnerabilities enable data theft and user manipulation
Tenable researchers discovered seven critical vulnerabilities in OpenAI's ChatGPT that could expose millions of users to privacy breaches and manipulation attacks.
The flaws stem from how ChatGPT and SearchGPT process external web content, enabling attackers to inject malicious prompts through blog comments, poisoned search results and specially crafted URLs. Key attack methods include indirect prompt injection via trusted websites, one-click exploitation through malicious ChatGPT URLs and zero-click vulnerabilities.
The flaws enable attackers to exfiltrate private chat histories, bypass safety filters and create persistent access. While reported to OpenAI in April, many issues remain unresolved, highlighting ongoing security challenges in large language models and the need for enterprise caution when integrating AI chatbots.
Read the full story by Jai Vijayan on Dark Reading.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of Informa TechTarget's SearchSecurity site.