SonicWall Acknowledges Exploitation of Critical Vulnerabilities in SMA100 Series Devices SonicWall has confirmed that two significant vulnerabilities within its SMA100 Secure Mobile Access appliances have been actively exploited. These flaws, recently patched, pose serious risks to organizations utilizing these devices,…
Recent developments in the open-source software landscape indicate a significant threat, as over 15,000 spam packages have infiltrated the npm repository. These malicious packages aim to disseminate phishing links, posing a considerable risk to users and businesses alike. According to…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Exploitation of Microsoft Blocklist Gap: Silver Fox’s Undetected Operations Pooja Tikekar ( @PoojaTikekar) • September 2, 2025 Image: Jim Cumming/Shutterstock A cyber-espionage campaign attributed to a Chinese nation-state actor, identified as Silver…
Cloudflare has confirmed a data breach linked to Salesforce through the Salesloft Drift integration, resulting in the exposure of customer support case data while keeping core systems intact. In a recent disclosure, Cloudflare acknowledged that a supply chain attack on…
A recent investigation has unveiled a sophisticated phishing-as-a-service (PhaaS) platform named Lucid, which is reportedly targeting 169 entities across 88 countries. The modus operandi involves smishing—phishing via SMS—leveraging Apple iMessage and Rich Communication Services (RCS) on Android devices. This approach…
Data Breach Targets Zscaler and Palo Alto Networks through Salesloft Drift Vulnerability In a recent cybersecurity incident, Zscaler and Palo Alto Networks have fallen victim to a breach facilitated through a vulnerability in the Salesloft Drift platform. This breach is…
For over ten years, application security teams have encountered a perplexing issue: with enhanced detection tools came increasingly irrelevant outcomes. As alerts from static analysis tools, scanners, and CVE databases surged, the expected promise of improved security slipped further away,…
Recent developments in cybersecurity have illuminated a sophisticated backdoor associated with a malware downloader known as Wslink, believed to be utilized by the notorious Lazarus Group, an actor aligned with North Korean interests. The findings, reported by ESET, highlight a…
Recent disclosures of ChatGPT conversations reveal a troubling trend: users are divulging sensitive personal information and seeking mental health advice, underscoring the dangers of oversharing with AI chatbots. In August 2025, a large volume of ChatGPT discussions surfaced online, leading…
Hackers leveraged vulnerabilities in the Salesloft Drift application to acquire OAuth tokens, resulting in unauthorized access to Salesforce data and exposing sensitive customer information at several major technology companies. A significant cyber intrusion has involved a group known as UNC6395,…
