Cybersecurity firm Zscaler confirmed a data breach after attackers exploited compromised OAuth tokens linked to Salesloft Drift, a Salesforce-integrated marketing platform. The attack, part of a global supply-chain campaign believed to affect more than 700 organizations, resulted in Zscaler hit in SaaS through unauthorized access to its Salesforce environment. The company stated that its core […]
Qualcomm has disclosed two critical vulnerabilities in its latest September 2025 Security Bulletin, highlighting severe issues in modem components used across mobile and automotive platforms. Identified as CVE-2025-21483 and CVE-2025-27034, both flaws carry a CVSS score of 9.8, indicating maximum severity. These Qualcomm modem flaws present significant security risks, potentially exposing affected devices to remote […]
The Wireshark Foundation has released version 4.4.9 of its widely used network traffic analyzer, delivering a maintenance update that enhances stability and resolves several key issues. Wireshark 4.4.9 fixes critical bugs, including a vulnerability in the SSH dissector (wnpa-sec-2025-03) that previously caused unexpected crashes during secure shell traffic analysis. The release improves protocol support for […]
A hacker collective has reportedly demanded that Google terminate two employees or face the release of confidential company data. In a message posted on Telegram, a group calling itself “Scattered LapSus Hunters” threatened to leak the tech giant’s databases unless the company fires Austin Larsen and Charles Carmakal, both with Google’s Threat Intelligence Group. Hackers […]
Amazon has taken active measures to disrupt a cyber-espionage operation linked to Midnight Blizzard, a Russian state-backed hacking group also tracked as APT29. The campaign targeted Microsoft 365 accounts in an attempt to steal sensitive information, according to cybersecurity researchers. As part of the intervention, Amazon disrupts Russian hackers by neutralizing infrastructure used to impersonate […]
SIM swapping attacks are surging globally, with the U.K. reporting a 1,055% increase in 2024. Criminals exploit mobile carriers to hijack phone numbers, using stolen data to bypass identity checks. These attacks enable access to bank accounts, crypto wallets, and email services. In response, eSIM emerges as key defense, offering built-in hardware security that limits […]
Microsoft is urging original equipment manufacturers to correct hardware configurations that block USB-C troubleshooting alerts in Windows 11. The company’s guidance comes as part of a broader push—Microsoft pressures OEMs to fix recurring issues that prevent users from receiving vital notifications about slow charging, unsupported accessories, and faulty connections. Although Windows 11 supports these alerts […]
Microsoft will enforce MFA for all user accounts accessing the Azure portal and related admin centers, beginning in October 2024. The phased rollout, announced on August 26, 2025, aims to curb credential-based attacks by requiring multifactor authentication for key administrative functions across Microsoft Entra, Intune, and Microsoft 365 portals. In the second phase, starting October […]
A targeted phishing campaign launched in August 2025 is exploiting malicious search engine ads to breach hotel management systems. Hackers mimic hotel software by typosquatting well-known platforms like SiteMinder and RoomRaccoon. These fake ads appear above legitimate search results, tricking hoteliers and vacation rental operators into clicking fraudulent links. Once clicked, users land on cloned […]
Salesforce has published a Forensic Investigation Guide designed to help enterprises respond faster to complex security incidents. The release, titled Salesforce Unveils Guide, offers structured methods for log analysis, automation workflows, and real-time monitoring to strengthen breach response capabilities. The guide emphasizes using Activity Logs, User Permissions, and Backup Data to reconstruct attack timelines and […]
Security researchers have uncovered a troubling trend: hackers twist macOS defenses to deploy malware using the very tools designed to protect users. Attackers now exploit Apple’s built-in security features—such as Keychain, System Integrity Protection (SIP), Transparency, Consent and Control (TCC), Gatekeeper, File Quarantine, and XProtect—to bypass protections, steal credentials, and evade detection. Kaspersky reports that […]
A critical IBM Watsonx flaw lets authenticated attackers potentially access sensitive data through the IBM Watsonx Orchestrate Cartridge in IBM Cloud Pak for Data. Tracked as CVE-2025-0165, the vulnerability affects users operating within this environment and poses a risk to data integrity and confidentiality. IBM has acknowledged the issue and is expected to release remediation […]