In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps connected to Salesforce. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce…
Tag: EN
Another Salesforce-linked data breach has ShinyHunters’ fingerprints all over it
They keep coming back for more Salesforce has disclosed another third-party breach in which criminals – likely ShinyHunters (again) – may have accessed its customers’ data.… This article has been indexed from The Register – Security Read the original article:…
NDSS 2025 – Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse
SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Runze Zhang (Georgia Institute of Technology), Mingxuan Yao (Georgia Institute of Technology), Haichuan Xu (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Jeman Park (Kyung Hee University),…
Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops
US, Australia and UK sanctioned 2 Russian bulletproof hosting providers accused of aiding groups like LockBit, BlackSuit and Play. US, Australia and UK sanctioned two Russian bulletproof hosting providers accused of aiding groups like LockBit, BlackSuit and Play. Coordinated sanctions…
Transfer data across AWS partitions with IAM Roles Anywhere
Transfer across AWS Cloud partitions. Different identity planes. Long-lived IAM user credentials. As an enterprise customer, you might need to bring together security, operational, and compliance data from multiple AWS partitions. Creating a holistic view of these types of data…
Mozilla Says It’s Finally Done With Two-Faced Onerep
In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder…
Salesforce says some of its customers’ data was accessed after Gainsight breach
Salesforce said it’s investigating an incident where hackers compromised some of its customers’ data after breaching customer experience company Gainsight. This article has been indexed from Security News | TechCrunch Read the original article: Salesforce says some of its customers’…
LLM-generated malware is improving, but don’t expect autonomous attacks tomorrow
Researchers tried to get ChatGPT to do evil, but it didn’t do a good job LLMs are getting better at writing malware – but they’re still not ready for prime time.… This article has been indexed from The Register –…
It’s not personal, it’s just business
Martin muses on how agentic AI is bringing efficiency improvements to the business of cyber crime. This article has been indexed from Cisco Talos Blog Read the original article: It’s not personal, it’s just business
Everest Ransomware Says It Breached Brazilian Energy Giant Petrobras
Everest ransomware claims to have stolen over 180GB of seismic survey data from Petrobras, demanding contact through qTox with a countdown in place. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More…
WhatsApp Flaw Enables Massive Scraping of 3.5 Billion User Accounts
A WhatsApp flaw allowed researchers to scrape 3.5 billion accounts, showing how simple app features can create serious security risks. The post WhatsApp Flaw Enables Massive Scraping of 3.5 Billion User Accounts appeared first on eSecurity Planet. This article has…
Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing
Posted by Dave Kleidermacher, VP, Platforms Security & Privacy, Google Technology should bring people closer together, not create walls. Being able to communicate and connect with friends and family should be easy regardless of the phone they use. That’s why…
Techstrong Group and DigiCert Unveil the “Quantum Security 25” to Spotlight Leaders Shaping the Future of Quantum Security
Inaugural awards celebrate the pioneers turning quantum’s promise into real-world impact, bridging theory and practice in the next era of secure computing Boca Raton, FL, November 20, 2025 — Techstrong Group, in collaboration with DigiCert, today announced the launch of…
Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows
Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that’s targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky researcher Lisandro Ubiedo said in an…
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0, is an…
Emerson Appleton UPSMON-PRO
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: Appleton UPSMON-PRO Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected…
ICAM365 CCTV Camera Multiple Models
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: iCam365 Equipment: P201 and QC021 Vulnerabilities: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in unauthorized exposure of camera video…
Opto 22 GRV-EPIC and groov RIO
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.5 ATTENTION: Exploitable remotely Vendor: Opto 22 Equipment: GRV-EPIC-PR1, GRV-EPIC-PR2, groov RIO Vulnerability: Improper Neutralization of Special Elements used in an OS Command 2. RISK EVALUATION Successful exploitation of this vulnerability could result…
NDSS 2025 – Detecting And Interpreting Inconsistencies In App Behaviors
SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Chang Yue (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Zhixiu Guo (Institute of Information…
How to update CRLs without public access using AWS Private CA
Certificates and the hierarchy of trust they create are the backbone of a secure infrastructure. AWS Private Certificate Authority is a highly available certificate authority (CA) that you can use to create private CA hierarchies, secure your applications and devices…