Planning a night out at Madison Square Garden? Enjoy yourself, but be aware of the surveillance that comes with it. A recent investigation by WIRED has uncovered alarming details regarding the invasive surveillance measures implemented by MSG owner Jim Dolan and security head John Eversole. Reports indicate that attendees at…
Google Alerts: Salesloft Drift Breach Affects All Integrations Beyond Salesforce
Aug 29, 2025
Data Breach / Salesforce
Google has issued a warning regarding the recent surge of attacks on Salesforce instances via Salesloft Drift, revealing that the scope of the breach is wider than initially believed. The advisory advises all Salesloft Drift customers to consider any authentication tokens linked to the Drift platform as potentially compromised. According to the Google Threat Intelligence Group (GTIG) and Mandiant, the attackers utilized stolen OAuth tokens to access emails from a select few Google Workspace accounts on August 9, 2025, following the breach of the OAuth tokens for the “Drift Email” integration. Importantly, this incident does not represent a compromise of Google Workspace or Alphabet itself. Only accounts specifically set up to integrate with Salesloft were at risk; other accounts on a customer’s Workspace remained secure.
Google Issues Warning on Expanded Impact of Salesloft Drift Breach August 29, 2025 In a significant cybersecurity alert, Google has disclosed that the recent attacks targeting Salesforce instances through Salesloft’s Drift platform are far-reaching, affecting all integrations beyond Salesforce. In an updated advisory, the Google Threat Intelligence Group (GTIG) alongside…
Google Alerts: Salesloft Drift Breach Affects All Integrations Beyond Salesforce
Aug 29, 2025
Data Breach / Salesforce
Google has issued a warning regarding the recent surge of attacks on Salesforce instances via Salesloft Drift, revealing that the scope of the breach is wider than initially believed. The advisory advises all Salesloft Drift customers to consider any authentication tokens linked to the Drift platform as potentially compromised. According to the Google Threat Intelligence Group (GTIG) and Mandiant, the attackers utilized stolen OAuth tokens to access emails from a select few Google Workspace accounts on August 9, 2025, following the breach of the OAuth tokens for the “Drift Email” integration. Importantly, this incident does not represent a compromise of Google Workspace or Alphabet itself. Only accounts specifically set up to integrate with Salesloft were at risk; other accounts on a customer’s Workspace remained secure.
July 14, 2021
Microsoft has released its July Patch Tuesday updates, addressing a total of 117 security vulnerabilities, among which are nine zero-day flaws—four of which are currently being exploited in the wild, potentially allowing attackers to gain control of affected systems. Out of these vulnerabilities, 13 are classified as Critical, 103 as Important, and one as Moderate in severity. Notably, six of these vulnerabilities were publicly known at the time of the update.
The updates affect a wide range of Microsoft products, including Windows, Bing, Dynamics, Exchange Server, Office, the Scripting Engine, Windows DNS, and Visual Studio Code. This month saw a significant increase in the number of vulnerabilities patched, surpassing the totals from May (55) and June (50).
Among the most critical actively exploited vulnerabilities are:
Microsoft Addresses 117 Security Vulnerabilities in July Patch Update, Including Nine Zero-Day Flaws Microsoft has released its July Patch Tuesday updates, addressing a total of 117 security vulnerabilities across a wide range of its products. Among these, there are nine critical zero-day flaws, four of which are reportedly under active…
July 14, 2021
Microsoft has released its July Patch Tuesday updates, addressing a total of 117 security vulnerabilities, among which are nine zero-day flaws—four of which are currently being exploited in the wild, potentially allowing attackers to gain control of affected systems. Out of these vulnerabilities, 13 are classified as Critical, 103 as Important, and one as Moderate in severity. Notably, six of these vulnerabilities were publicly known at the time of the update.
The updates affect a wide range of Microsoft products, including Windows, Bing, Dynamics, Exchange Server, Office, the Scripting Engine, Windows DNS, and Visual Studio Code. This month saw a significant increase in the number of vulnerabilities patched, surpassing the totals from May (55) and June (50).
Among the most critical actively exploited vulnerabilities are:
Over 50 Million LivingSocial Customers Impacted by Cyber Attack
April 27, 2013
LivingSocial, the daily deals platform partially owned by Amazon Inc., has experienced a significant cyber attack that may have compromised the data of over 50 million customers. As a precaution, all affected users will need to reset their passwords. With a global membership of 70 million, the leaked information includes names, email addresses, birth dates, and encrypted passwords, although credit card and financial information remain secure, according to the company. The breach has impacted customers in regions including North America, Australia, New Zealand, the UK, Ireland, Malaysia, as well as LetsBonus users in Southern Europe and Latin America. Affected users are advised to stay vigilant, as the stolen information could be used for phishing attempts. LivingSocial is proactively emailing customers to initiate a password change.
LivingSocial Data Breach Affects 50 Million Customers On April 27, 2013, LivingSocial, a daily deals platform partly owned by Amazon Inc., disclosed that it fell victim to a significant cyberattack impacting the personal information of over 50 million customers. This incident has prompted the company to initiate a mandatory password…
Over 50 Million LivingSocial Customers Impacted by Cyber Attack
April 27, 2013
LivingSocial, the daily deals platform partially owned by Amazon Inc., has experienced a significant cyber attack that may have compromised the data of over 50 million customers. As a precaution, all affected users will need to reset their passwords. With a global membership of 70 million, the leaked information includes names, email addresses, birth dates, and encrypted passwords, although credit card and financial information remain secure, according to the company. The breach has impacted customers in regions including North America, Australia, New Zealand, the UK, Ireland, Malaysia, as well as LetsBonus users in Southern Europe and Latin America. Affected users are advised to stay vigilant, as the stolen information could be used for phishing attempts. LivingSocial is proactively emailing customers to initiate a password change.
Grinex, a cryptocurrency exchange based in Kyrgyzstan and under U.S. sanctions, has announced it will cease operations following a significant cyber incident that resulted in the theft of approximately $15 million. This breach, attributed to hackers allegedly linked to “western special services,” marks a critical event in the ongoing challenges…
Feds Shut Down $6.4M VerifTools Fake ID Marketplace, Operators Quickly Relaunch on New Domain
Authorities from the Netherlands and the U.S. have successfully dismantled VerifTools, an illegal marketplace supplying counterfeit identity documents to cybercriminals globally. The operation resulted in the seizure of two website domains and a related blog, which now redirect users to a notice about the FBI’s enforcement action under a U.S. District Court warrant. However, just days later, the platform’s operators announced a relaunch at “veriftools.com.” The domain, registered in 2018, now raises questions regarding its administrators’ identities.
Feds Dismantle $6.4M VerifTools Counterfeit ID Marketplace; Operators Quickly Restart on New Domain Authorities from the United States and the Netherlands have successfully shut down VerifTools, a highly illicit marketplace known for selling fake identity documents to cybercriminals worldwide. In a coordinated operation, agents seized two major domains—verif[.]tools and veriftools[.]net—along…
Feds Shut Down $6.4M VerifTools Fake ID Marketplace, Operators Quickly Relaunch on New Domain
Authorities from the Netherlands and the U.S. have successfully dismantled VerifTools, an illegal marketplace supplying counterfeit identity documents to cybercriminals globally. The operation resulted in the seizure of two website domains and a related blog, which now redirect users to a notice about the FBI’s enforcement action under a U.S. District Court warrant. However, just days later, the platform’s operators announced a relaunch at “veriftools.com.” The domain, registered in 2018, now raises questions regarding its administrators’ identities.
Suspected Hacker Arrested in Connection with Historic DDoS Attack on Spamhaus
April 27, 2013
Dutch police have arrested a 35-year-old man linked to a colossal DDoS attack on the anti-spam organization Spamhaus that occurred in March. This attack, which peaked at over 300 Gbps, is recorded as the largest DDoS attack ever. Spamhaus, known for creating blacklists that identify spam sites for Internet Service Providers, experienced a severe disruption as its website was overwhelmed with traffic.
Following the attack, Spamhaus enlisted CloudFlare for protection against future threats. The arrest took place in Barcelona under a European arrest warrant, with plans for the suspect’s transfer to the Netherlands. The individual arrested is believed to be Sven Kamphuis, the owner of Dutch hosting company Cyberbunker, which has been connected to the attack. This incident is thought to have been triggered by Spamhaus blacklisting Cyberbunker.
Suspected Hacker Arrested in Connection with Largest DDoS Attack on Spamhaus April 27, 2013 In a significant development for cybersecurity, Dutch law enforcement authorities have confirmed the arrest of a 35-year-old man believed to be involved in the largest Distributed Denial of Service (DDoS) attack in history, which targeted the…
Suspected Hacker Arrested in Connection with Historic DDoS Attack on Spamhaus
April 27, 2013
Dutch police have arrested a 35-year-old man linked to a colossal DDoS attack on the anti-spam organization Spamhaus that occurred in March. This attack, which peaked at over 300 Gbps, is recorded as the largest DDoS attack ever. Spamhaus, known for creating blacklists that identify spam sites for Internet Service Providers, experienced a severe disruption as its website was overwhelmed with traffic.
Following the attack, Spamhaus enlisted CloudFlare for protection against future threats. The arrest took place in Barcelona under a European arrest warrant, with plans for the suspect’s transfer to the Netherlands. The individual arrested is believed to be Sven Kamphuis, the owner of Dutch hosting company Cyberbunker, which has been connected to the attack. This incident is thought to have been triggered by Spamhaus blacklisting Cyberbunker.
Late-Night Legislative Maneuver Leads to Surveillance Program Setback In a dramatic turn of events, House Speaker Mike Johnson called a late-night vote on Friday focused on the contentious reauthorization of a surveillance program that has raised privacy concerns. This program, part of Section 702 of the Foreign Intelligence Surveillance Act,…
Click Studios Addresses Authentication Bypass Vulnerability in Passwordstate’s Emergency Access Page
Published: August 29, 2025 | Category: Vulnerability / Enterprise Security
Click Studios, the developer behind Passwordstate, an enterprise password management solution, has released critical security updates to fix an authentication bypass vulnerability in its software. This high-severity issue, yet to receive a CVE identifier, has been resolved in Passwordstate version 9.9 (Build 9972), launched on August 28, 2025. The Australian company reported that the update addresses a “potential Authentication Bypass” in the Emergency Access page when exploited with a specially crafted URL. Additionally, the latest version incorporates enhanced protections against possible clickjacking attacks targeting its browser extension, particularly if users navigate to compromised sites. These enhancements likely respond to insights from security researcher Marek Tóth, who recently revealed a technique involving Document Object Model (DOM)-based extension clickjacking affecting various password manager browser add-ons.
Click Studios Addresses Critical Security Flaw in Passwordstate’s Emergency Access Feature On August 29, 2025, Click Studios, the developer behind the enterprise-level password management tool Passwordstate, announced the release of significant security updates aimed at resolving a high-severity authentication bypass vulnerability. This flaw, which has not yet been assigned a…
Click Studios Addresses Authentication Bypass Vulnerability in Passwordstate’s Emergency Access Page
Published: August 29, 2025 | Category: Vulnerability / Enterprise Security
Click Studios, the developer behind Passwordstate, an enterprise password management solution, has released critical security updates to fix an authentication bypass vulnerability in its software. This high-severity issue, yet to receive a CVE identifier, has been resolved in Passwordstate version 9.9 (Build 9972), launched on August 28, 2025. The Australian company reported that the update addresses a “potential Authentication Bypass” in the Emergency Access page when exploited with a specially crafted URL. Additionally, the latest version incorporates enhanced protections against possible clickjacking attacks targeting its browser extension, particularly if users navigate to compromised sites. These enhancements likely respond to insights from security researcher Marek Tóth, who recently revealed a technique involving Document Object Model (DOM)-based extension clickjacking affecting various password manager browser add-ons.