ShinyHunters Hackers Abuse Salesforce OAuth to Bypass MFA and Exfiltrate CRM Data

A series of high-impact campaigns linked by overlapping tradecraft to ShinyHunters, in which attackers abused trusted Salesforce OAuth relationships to bypass conventional MFA protections, establish persistence, and exfiltrate CRM data at scale. The activity, observed from mid-202520252025 through mid-202620262026, affected…

Pro-Iran Hacktivist Groups Launch DDoS and Hack-and-Leak Attacks Against Critical Infrastructure

A decentralized network of pro-Iran hacktivist groups is intensifying cyber operations against critical infrastructure, government entities, technology providers, and organizations perceived as aligned with U.S., Israeli, or Western interests. The activity is dominated by distributed denial-of-service attacks, defacements, credential-focused operations,…

Critical ServiceNow AI Platform Flaw Allows Unauthenticated Attackers to Escape Sandbox and Execute Remote Code

ServiceNow has released security updates to address a critical remote code execution vulnerability in its AI Platform. This vulnerability, tracked as CVE-2026-6875, could allow unauthenticated attackers to execute code within affected ServiceNow environments. The issue is described as a sandbox-escape…

NSA Warns Russian State-Sponsored Hackers Exploiting Vulnerable Routers to Target Critical Infrastructure

The U.S. National Security Agency (NSA) and international cybersecurity partners have issued a warning that Russian state-sponsored threat actors are actively exploiting vulnerable and poorly configured network routers to access organizations in critical infrastructure sectors. In a joint Cybersecurity Advisory…

IT Security News Daily Summary 2026-07-13

141 posts were published in the last hour 20:34 : Beyond Cloud Uptime: API Security and AI Resilience for 2026 20:7 : Implementing Zero-Trust Networking and Identity for Microsoft Foundry Agents 20:7 : Apple says former employee exploited ‘rare’ bug…