The Breach News

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scanning Attack

Recent reports from cybersecurity researchers indicate a significant increase in login scanning attempts directed at Palo Alto Networks PAN-OS GlobalProtect gateways. An alarming total of nearly 24,000 unique IP addresses have been identified in this activity, raising concerns about the integrity of these critical systems. This surge, which the threat…

Watchdog Reports Government Cannot Determine Financial Impact of Afghan Data Breach

The UK’s Ministry of Defence (MoD) is facing scrutiny regarding its secret relocation plan set up in response to a major data leak involving Afghan individuals. The National Audit Office (NAO) has announced that the MoD is unable to accurately determine the total financial impact of this plan, which aims…

SonicWall Acknowledges Ongoing Exploitation of Vulnerabilities Impacting Various Appliance Models

SonicWall Acknowledges Exploitation of Critical Vulnerabilities in SMA100 Series Devices

SonicWall has confirmed that two significant vulnerabilities within its SMA100 Secure Mobile Access appliances have been actively exploited. These flaws, recently patched, pose serious risks to organizations utilizing these devices, particularly those in sensitive sectors. The first vulnerability, identified as…

Attackers Bombard NPM Repository with 15,000+ Spam Packages Loaded with Phishing Links

Recent developments in the open-source software landscape indicate a significant threat, as over 15,000 spam packages have infiltrated the npm repository. These malicious packages aim to disseminate phishing links, posing a considerable risk to users and businesses alike. According to Checkmarx researcher Yehuda Gelb, the packages were generated through automated…

Silver Fox APT Exploits Windows Driver in Ongoing Campaign

Exploitation of Microsoft Blocklist Gap: Silver Fox’s Undetected Operations

Pooja Tikekar (@PoojaTikekar) • September 2, 2025

A cyber-espionage campaign attributed to a Chinese nation-state actor, identified as Silver Fox, has successfully exploited a gap in Microsoft’s signed driver…

Cloudflare Confirms Data Breach Associated with Salesforce and Salesloft Drift

Cloudflare has confirmed a data breach linked to Salesforce through the Salesloft Drift integration, resulting in the exposure of customer support case data while keeping core systems intact. In a recent disclosure, Cloudflare acknowledged that a supply chain attack on Salesloft Drift led to the exposure of sensitive customer support…

Lucid PhaaS Achieves 169 Targets Across 88 Countries with iMessage and RCS Smishing Attacks

A recent investigation has unveiled a sophisticated phishing-as-a-service (PhaaS) platform named Lucid, which is reportedly targeting 169 entities across 88 countries. The modus operandi involves smishing—phishing via SMS—leveraging Apple iMessage and Rich Communication Services (RCS) on Android devices. This approach enables cybercriminals to exploit legitimate communication channels, effectively bypassing conventional…

Zscaler and Palo Alto Networks Hacked Through Salesloft Drift – Dark Reading

Data Breach Targets Zscaler and Palo Alto Networks through Salesloft Drift Vulnerability

In a recent cybersecurity incident, Zscaler and Palo Alto Networks have fallen victim to a breach facilitated through a vulnerability in the Salesloft Drift platform. This breach is a stark reminder of the ever-evolving landscape of cyber threats…

New Study Finds: 95% of AppSec Remediations Fail to Mitigate Risk

For over ten years, application security teams have encountered a perplexing issue: with enhanced detection tools came increasingly irrelevant outcomes. As alerts from static analysis tools, scanners, and CVE databases surged, the expected promise of improved security slipped further away, morphing into a cycle of alert fatigue and strained resources.…
