The Breach News

Attackers Bombard NPM Repository with 15,000+ Spam Packages Loaded with Phishing Links

Recent developments in the open-source software landscape indicate a significant threat, as over 15,000 spam packages have infiltrated the npm repository. These malicious packages aim to disseminate phishing links, posing a considerable risk to users and businesses alike. According to Checkmarx researcher Yehuda Gelb, the packages were generated through automated…


Silver Fox APT Exploits Windows Driver in Ongoing Campaign

Exploitation of Microsoft Blocklist Gap: Silver Fox’s Undetected Operations

Pooja Tikekar (@PoojaTikekar) • September 2, 2025

A cyber-espionage campaign attributed to a Chinese nation-state actor, identified as Silver Fox, has successfully exploited a gap in Microsoft’s signed driver…


Cloudflare Confirms Data Breach Associated with Salesforce and Salesloft Drift

Cloudflare has confirmed a data breach linked to Salesforce through the Salesloft Drift integration, resulting in the exposure of customer support case data while keeping core systems intact. In a recent disclosure, Cloudflare acknowledged that a supply chain attack on Salesloft Drift led to the exposure of sensitive customer support…


Lucid PhaaS Achieves 169 Targets Across 88 Countries with iMessage and RCS Smishing Attacks

A recent investigation has unveiled a sophisticated phishing-as-a-service (PhaaS) platform named Lucid, which is reportedly targeting 169 entities across 88 countries. The modus operandi involves smishing—phishing via SMS—leveraging Apple iMessage and Rich Communication Services (RCS) on Android devices. This approach enables cybercriminals to exploit legitimate communication channels, effectively bypassing conventional…


Zscaler and Palo Alto Networks Hacked Through Salesloft Drift – Dark Reading

Data Breach Targets Zscaler and Palo Alto Networks through Salesloft Drift Vulnerability

In a recent cybersecurity incident, Zscaler and Palo Alto Networks have fallen victim to a breach facilitated through a vulnerability in the Salesloft Drift platform. This breach is a stark reminder of the ever-evolving landscape of cyber threats…


New Study Finds: 95% of AppSec Remediations Fail to Mitigate Risk

For over ten years, application security teams have encountered a perplexing issue: with enhanced detection tools came increasingly irrelevant outcomes. As alerts from static analysis tools, scanners, and CVE databases surged, the expected promise of improved security slipped further away, morphing into a cycle of alert fatigue and strained resources.…


Lazarus Group Likely Employing New WinorDLL64 Backdoor for Data Exfiltration

Recent developments in cybersecurity have illuminated a sophisticated backdoor associated with a malware downloader known as Wslink, believed to be utilized by the notorious Lazarus Group, an actor aligned with North Korean interests. The findings, reported by ESET, highlight a payload referred to as WinorDLL64, which acts as a comprehensive…


Palo Alto Networks, Zscaler, and PagerDuty Affected by Salesforce Linked Data Breaches

Hackers leveraged vulnerabilities in the Salesloft Drift application to acquire OAuth tokens, resulting in unauthorized access to Salesforce data and exposing sensitive customer information at several major technology companies. A significant cyber intrusion has involved a group known as UNC6395, which has reportedly compromised sensitive customer data across various organizations,…
