Salesforce has confirmed unauthorized data access affecting some customers. The incident stemmed from a compromised OAuth token linked to the Gainsight platform.
Analysis of a campaign by the LuoYu threat actor using sophisticated impersonation and spear-phishing to deliver Gh0st RAT to a Southeast Asian foreign affairs entity.
Researchers at Malwarebytes uncovered a malvertising campaign using browser push notifications to trick users into installing the FAKEUPDATES (SocGholish) malware.
A new report from BlueVoyant reveals 98% of global firms have been negatively impacted by a supply chain breach, with 93% suffering a direct data breach.
A deep analysis of the BetterBank DeFi protocol vulnerability. Learn how a flaw in the ESTM token’s bonus reward logic allowed for the infinite minting of tokens.
Users are receiving fake calendar invites containing malicious links. Learn the facts about this phishing tactic and follow our guide to safely remove and block them.
Discover how the Chinese APT group BlackTech uses ‘PlushDaemon’ malware to infect routers, intercept traffic, and replace legitimate software updates with malware.
A public dispute has erupted between SquareX and Perplexity over an alleged vulnerability in the Comet browser, which Perplexity denies, calling it intended functionality.
Security researchers discovered Tsundere, an emerging botnet written in Node.js. It uses the Ethereum blockchain for resilient C2 communication to launch DDoS attacks.
Cybersecurity researchers discovered four new authentication coercion attack variants in Windows, leveraging DFSNM and EFS protocols to enable NTLM relay attacks.
Cybersecurity firm Cado Security reports the TeamTNT ransomware group is now targeting AWS S3 buckets, stealing data and demanding Bitcoin ransom payments.
Customer success platform Gainsight experienced a data breach involving stolen OAuth tokens, which were used to compromise connected Salesforce environments.
Cybersecurity researchers discovered a supply chain vulnerability in the Gainsight PX platform, available on Salesforce AppExchange. The flaw involved a misconfigured AWS S3 bucket and was remediated by Gainsight.
Salesforce has confirmed it is actively investigating a new security incident. This event is drawing direct comparisons to a previous compromise that involved Salesloft and Drift.
A factual breakdown of a real-world cyberattack where a fake Zoom installer led to the deployment of BlackSuit ransomware in less than three days.
Cybersecurity firm CTM360 has exposed ‘HackOnChat,’ a global WhatsApp account hijacking campaign. Attackers use SS7 exploits to intercept SMS verification codes.
The Chinese APT group Volt Typhoon compromised end-of-life SOHO routers to hijack software updates, delivering the Gh0st RAT malware to targeted networks.
The Clop ransomware gang exploited a GoAnywhere MFT zero-day to steal AWS access keys, exfiltrate terabytes of data from S3 buckets, and then delete the originals.
Gainsight disclosed a security incident where a threat actor used stolen employee credentials to access a limited number of customer Salesforce instances.
Salesforce has confirmed a security compromise affecting its Gainsight integration. Unauthorized access to a Gainsight production environment exposed customer data.
The US DoJ has indicted two Iran-linked IRGC actors for a multi-year cyber espionage campaign that stole military data to enable kinetic targeting of US personnel.
Cybersecurity researchers reveal that the APT24 group deployed BADAUDIO malware in a years-long espionage campaign targeting Taiwan and over 1,000 domains globally.
A critical security gap in the MCP API of Perplexity’s Comet browser was discovered. The flaw exposed users to system-level attacks, prompting an urgent update.
Mandiant investigators uncovered the full scope of UNC2891’s ATM fraud, which uses CACHEMONEY malware for jackpotting and a sophisticated money mule network for cash-outs.
Kaspersky reports on the PassiveNeuron campaign, a sophisticated APT attack targeting high-profile servers in finance and telecom using custom malware and Cobalt Strike.
A factual report on a cyberattack where threat actors used a password spray on an exposed RDP service to gain initial access, exfiltrate data, and deploy RansomHub.
Cybersecurity researchers have identified the Matrix Push C2 framework, which uses browser push notifications for fileless, cross-platform command and control attacks.
Researchers at Mithril Security demonstrated how ServiceNow’s AI agents can be manipulated using second-order prompts, causing one agent to attack another.
A security flaw in WhatsApp’s ‘Click to Chat’ feature led to the indexing of user phone numbers by public search engines, making the data discoverable via searches.
Microsoft mitigated a record 3.47 Tbps DDoS attack against an Azure customer. The attack, powered by the Aisuru botnet, originated from 10,000 sources globally.
A new attack method called “Sneaky 2FA” uses highly realistic, fake sign-in windows to deceive users and steal credentials. Learn the facts about this threat.
A threat actor known as WrtHug has compromised tens of thousands of End-of-Life ASUS WRT routers globally by exploiting a combination of six security flaws.
A Secureworks report finds that 45% of ransomware initial access in H1 2023 resulted from compromised credentials, with hijacked VPN accounts being the top entry point.
Security firm Bishop Fox discovered a hidden, unauthenticated API in the Comet AI browser that allowed visited websites to read files and execute commands on a user’s computer.
The Sneaky2FA phishing-as-a-service tool now inserts legitimate-looking URLs into its attack links, a new feature designed to evade security filters and bypass 2FA.
A malware campaign in Brazil is spreading the Eternidade info-stealer using a Python worm that propagates via victims’ WhatsApp for Web sessions to steal data.
Cybersecurity firm ZecOps has discovered Sturnus, a new Android trojan that abuses Accessibility Services to capture encrypted chats and gain full remote control.
Cybersecurity researchers report that certain budget Samsung phone models are being shipped with pre-installed spyware that cannot be removed by the user.
Group-IB discovered Sturnus, a new Android banking trojan targeting users in Spain. The malware steals credentials, messages, and screenshots from banking apps and messengers.
A critical Chrome zero-day vulnerability is under active exploitation. Users visiting malicious websites have experienced browser hijacking as a direct consequence.
DoorDash has confirmed a data breach exposing customer and Dasher personal information after a third-party vendor was compromised by a phishing attack.
Cybersecurity firm Armis discovered 11 “Cloud-Brk” vulnerabilities in Ubiquiti’s cloud platform, allowing unauthenticated attackers to bypass firewalls for device takeover.
A detailed report on the EdgeStepper implant, a malicious tool that reroutes DNS queries to hijack legitimate software update processes for malware deployment.
Sturnus, a new Android banking trojan, targets users in Mexico. It steals credentials via overlay attacks and exfiltrates messages from WhatsApp, Telegram, and Signal.