Whisper Leak Attack: AI Chatbots Vulnerable Despite Encryption

Cyber Security News by CyberSum.net

Published on November 10, 2025 at 01:22 PM

5 sources

Microsoft researchers have identified a sophisticated side-channel attack called Whisper Leak that can infer conversation topics from encrypted AI chatbot traffic. Despite TLS encryption, the attack exploits patterns in packet sizes and timing to classify user prompts. Mitigations have been implemented by multiple vendors, but the attack poses significant risks, especially in regions with oppressive surveillance. The methodology and models are publicly available on GitHub for further research.

Also Read

Lazarus Group Espionage Campaign Targets Aerospace and Defense

Security researchers at ENKI have uncovered a sophisticated espionage campaign by the Lazarus Group targeting aerospace and defense organizations. The campaign, active since March 2025, uses phishing operations with malicious Word documents disguised as legitimate communications. The documents deploy a new variant of the Comebacker backdoor, which features advanced encryption and persistence mechanisms. The campaign's focus on specific organizations indicates a targeted espionage effort, with security teams advised to implement robust defenses against macro-based malware and spear phishing attempts.

By Cyber Security News by CyberSum.netNovember 12, 2025 at 03:00 AM