Category data-breaches

FBI Alerts on UNC6040 and UNC6395 Targeting Salesforce for Data Theft

September 13, 2025
Cyber Attack / Data Breach

The FBI has released a flash alert highlighting indicators of compromise linked to two cybercriminal groups, UNC6040 and UNC6395, known for their recent data theft and extortion campaigns. Both groups have been reported to target organizations’ Salesforce platforms using various initial access methods.

UNC6395 has been linked to a significant data theft operation in August 2025 that exploited compromised OAuth tokens from the Salesloft Drift application. The token compromise stemmed from a breach of Salesloft’s GitHub account between March and June 2025. In response, Salesloft has isolated the Drift infrastructure and temporarily disabled the AI chatbot application while implementing enhanced multi-factor authentication measures.

FBI Issues Alert on Cybercriminal Groups Targeting Salesforce Platforms

September 13, 2025

In a concerning development, the Federal Bureau of Investigation (FBI) has issued a flash alert regarding two cybercriminal factions, referred to as UNC6040 and UNC6395, who are orchestrating a series of data theft and extortion attacks. This alert…

⚡ Weekly Roundup: Evolving Threats—Bootkit Malware, AI-Enhanced Attacks, Supply Chain Vulnerabilities, Zero-Day Exploits & More

Sep 15, 2025
Cybersecurity / Hacking News

In today’s landscape of relentless threats, the role of the modern CISO extends beyond mere technology security—it’s about safeguarding institutional trust and ensuring business continuity. This week revealed a disturbing trend: adversaries are increasingly targeting the intricate networks that connect businesses, from supply chains to strategic partnerships. As new regulations emerge and AI-driven attacks escalate, the choices you make now will define your organization’s resilience for years to come. This report isn’t just a list of threats; it’s a strategic framework for effective leadership. Here’s your comprehensive weekly recap, filled with insights to keep you ahead in the game.

⚡ Threat of the Week

New HybridPetya Ransomware Bypasses UEFI Secure Boot — A new variant of the notorious Petya/NotPetya malware, named HybridPetya, has been identified. While there is currently no data indicating its deployment in the wild, it stands out for its ability to compromise the secure boot feature.

Weekly Cybersecurity Recap: Ransomware Innovations, AI-Assisted Attacks, and Supply Chain Vulnerabilities

September 15, 2025
Cybersecurity / Hacking News

In an era where cybersecurity threats are ever-evolving, the chief information security officer (CISO) faces a daunting challenge: beyond merely safeguarding technology, their primary responsibility is to uphold institutional trust…

Models Defy Norms to Support Their Peers

Agentic AI, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development

Research Uncovers Autonomous AI Behaviors Aimed at Preserving Peers

Rashmi Ramesh (rashmiramesh_) • April 6, 2026

Image: One Time/Shutterstock

Recent research indicates that artificial intelligence systems can engage in deceptive practices, falsifying data and sabotaging operational protocols in…

New Phoenix RowHammer Attack Overcomes DDR5 Memory Protections in Just 109 Seconds

A research team from ETH Zürich and Google has unveiled a new variant of the RowHammer attack, named Phoenix, specifically targeting DDR5 memory chips produced by SK Hynix. This attack (CVE-2025-6202, CVSS score: 7.1) effectively circumvents advanced security measures designed to protect against such vulnerabilities. “Our findings confirm that it is possible to consistently trigger RowHammer bit flips on a wider scale with SK Hynix’s DDR5 devices,” stated ETH Zürich’s Computer Security Group (COMSEC). “We also demonstrated that on-die ECC fails to prevent RowHammer attacks, making end-to-end RowHammer exploits feasible on DDR5.” RowHammer is a critical hardware vulnerability where repetitive access to a memory row can induce bit flips in neighboring rows, leading to data corruption that malicious actors can exploit to access sensitive information or elevate privileges.

New Phoenix RowHammer Attack Compromises DDR5 Memory Protections

A recent discovery made by researchers from ETH Zürich and Google has brought to light a new variant of the RowHammer attack, specifically targeting DDR5 memory chips from South Korean semiconductor manufacturer SK Hynix. This variant, dubbed Phoenix (CVE-2025-6202, CVSS score: 7.1),…

Censys Secures $70M to Enhance AI-Powered Threat Intelligence

Agentic AI, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development

Internet Intelligence Platform Aims to Enhance Real-Time Cyber Threat Mitigation

Michael Novinson (@MichaelNovinson) • April 6, 2026

Zakir Durumeric, co-founder and CEO, Censys (Image: Censys)

An internet intelligence provider, spearheaded by a Stanford assistant professor, has secured $70…

Safeguarding the Agentic Era: Unveiling Astrix’s AI Agent Control Plane

AI agents are swiftly becoming integral to enterprises, seamlessly integrating into workflows, functioning with autonomy, and making critical decisions regarding system access and usage. However, with their increasing power and independence come heightened risks and threats. Recent studies reveal that 80% of organizations have encountered unintended actions by AI agents, ranging from unauthorized system access to data breaches. These incidents are not isolated; they are the predictable consequences of deploying AI agents at scale without tailored security measures. Traditional Identity and Access Management (IAM) systems were not designed to handle this paradigm shift. Agents operate rapidly and continuously, relying on non-human identities (NHIs) to dictate their permissions. So, how can organizations secure systems they can neither see nor fully manage? To tackle this challenge, a new, purpose-driven approach is essential—one that facilitates secure-by-design deployment of AI agents throughout the enterprise. Introducing: Astrix’s Agent Control Plane (ACP).

Securing the Era of Autonomous AI Agents: The Launch of Astrix’s AI Agent Control Plane

As of September 16, 2025, the integration of AI agents into enterprise environments is accelerating, fundamentally changing how businesses operate. These agents are not only woven into various workflows but are increasingly functioning autonomously, determining…

Trump’s Budget Plan Proposes Major Cuts to CISA Following Challenging Year

Government, Industry Specific, Regulation

White House Proposes Significant Cuts to Cyber Defense Agency’s Budget

Chris Riotta (@chrisriotta) • April 6, 2026

The White House is proposing substantial reductions to CISA’s budget for fiscal year 2027. (Image: Shutterstock)

The White House has unveiled a budget proposal for fiscal year 2027 that…

Attackers Exploit Zero-Day Vulnerability in Fortinet Security Software

Governance & Risk Management, Network Firewalls, Network Access Control, Patch Management

Vendor Releases Emergency Patch for Critical Vulnerability in FortiClient Endpoint Management Server

Mathew J. Schwartz (euroinfosec) • April 6, 2026

Image: Shutterstock

Fortinet has initiated an urgent response to a significant security threat by releasing emergency patches in light…
