AI-Powered SASE, Governance & Risk Management, Security Service Edge (SSE) Netskope Files for Second Cybersecurity IPO of 2025, Emphasizing Channel Partnership Dependency Michael Novinson (MichaelNovinson) • August 22, 2025 Sanjay Beri, Netskope co-founder and CEO (Image: Netskope) Netskope has marked its position as the second cybersecurity entity to initiate an…
The Role of Third Parties and Machine Credentials in 2025’s Major Data Breaches
May 06, 2025
AI Security / Enterprise IT
In the 2025 Verizon Data Breach Investigations Report (DBIR), it wasn’t just ransomware or zero-day exploits that caught attention; rather, it was the underlying factors that enabled these incidents. Two significant contributors to this year’s most severe breaches emerged: third-party vulnerabilities and machine credential misuse. The report revealed that third-party involvement in breaches surged from 15% to 30% year-over-year. Simultaneously, cybercriminals increasingly leveraged machine credentials and unmanaged machine accounts to infiltrate systems, escalate privileges, and steal sensitive data. The takeaway is clear: protecting only employee accounts is no longer sufficient. To effectively combat modern threats, organizations must implement a comprehensive security strategy that encompasses all identities—human, non-employee, and machine.
The Escalating Threat of Third-Party Risks
Today’s enterprises operate within a complex network of partnerships, including contractors, vendors, and more.
Third Parties and Machine Credentials: Key Contributors to 2025’s Security Breaches May 06, 2025 AI Security / Enterprise IT The 2025 Verizon Data Breach Investigations Report (DBIR) revealed that the most pressing issues in this year’s data breaches weren’t the sensational headlines of ransomware attacks or zero-day vulnerabilities, but rather…
The Role of Third Parties and Machine Credentials in 2025’s Major Data Breaches
May 06, 2025
AI Security / Enterprise IT
In the 2025 Verizon Data Breach Investigations Report (DBIR), it wasn’t just ransomware or zero-day exploits that caught attention; rather, it was the underlying factors that enabled these incidents. Two significant contributors to this year’s most severe breaches emerged: third-party vulnerabilities and machine credential misuse. The report revealed that third-party involvement in breaches surged from 15% to 30% year-over-year. Simultaneously, cybercriminals increasingly leveraged machine credentials and unmanaged machine accounts to infiltrate systems, escalate privileges, and steal sensitive data. The takeaway is clear: protecting only employee accounts is no longer sufficient. To effectively combat modern threats, organizations must implement a comprehensive security strategy that encompasses all identities—human, non-employee, and machine.
The Escalating Threat of Third-Party Risks
Today’s enterprises operate within a complex network of partnerships, including contractors, vendors, and more.
INTERPOL’s Operation Results in 1,209 Arrests in Cybercrime Crackdown LYON, France – A coordinated effort by INTERPOL, dubbed Operation Serengeti 2.0, has led to the arrest of 1,209 cybercriminals across Africa, targeting nearly 88,000 victims. This extensive operation highlights the pervasive nature of cybercrime and emphasizes the necessity for international…
Title: Over 20 Configuration Vulnerabilities Discovered in Salesforce Industry Cloud, Including Five CVEs
Date: June 10, 2025
Category: Vulnerability / SaaS Security
Cybersecurity experts have identified more than 20 configuration vulnerabilities within Salesforce Industry Cloud (formerly known as Salesforce Industries), potentially exposing sensitive data to unauthorized users. These vulnerabilities impact key components such as FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions. “While low-code platforms like Salesforce Industry Cloud simplify application development, neglecting security measures can lead to significant risks,” said Aaron Costello, Chief of SaaS Security Research at AppOmni, in a statement to The Hacker News. If not mitigated, these misconfigurations may enable cybercriminals and unauthorized individuals to access encrypted sensitive information about employees and customers, session data reflecting user interactions with Salesforce Industry Cloud, credentials for Salesforce and other corporate systems, and critical business logic. Following a responsible disclosure process, more information is anticipated.
Cybersecurity Researchers Identify Over 20 Configuration Vulnerabilities in Salesforce Industry Cloud June 10, 2025 Recent investigations by cybersecurity experts have revealed more than 20 configuration vulnerabilities within Salesforce Industry Cloud, also known as Salesforce Industries. These security weaknesses pose significant risks, as they could potentially expose sensitive data to unauthorized…
Title: Over 20 Configuration Vulnerabilities Discovered in Salesforce Industry Cloud, Including Five CVEs
Date: June 10, 2025
Category: Vulnerability / SaaS Security
Cybersecurity experts have identified more than 20 configuration vulnerabilities within Salesforce Industry Cloud (formerly known as Salesforce Industries), potentially exposing sensitive data to unauthorized users. These vulnerabilities impact key components such as FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions. “While low-code platforms like Salesforce Industry Cloud simplify application development, neglecting security measures can lead to significant risks,” said Aaron Costello, Chief of SaaS Security Research at AppOmni, in a statement to The Hacker News. If not mitigated, these misconfigurations may enable cybercriminals and unauthorized individuals to access encrypted sensitive information about employees and customers, session data reflecting user interactions with Salesforce Industry Cloud, credentials for Salesforce and other corporate systems, and critical business logic. Following a responsible disclosure process, more information is anticipated.
Dark Pink APT Group Utilizes TelePowerBot and KamiKakaBot in Complex Campaigns
On May 31, 2023, it was reported that the Advanced Persistent Threat (APT) group known as Dark Pink has launched five new attacks targeting various organizations in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. The targets include educational institutions, government agencies, military organizations, and non-profit entities, highlighting the group’s ongoing focus on high-value assets. Also referred to as the Saaiwc Group, Dark Pink is believed to originate from the Asia-Pacific region, primarily directing its attacks towards East Asia, with some activity observed in Europe. The group employs a variety of custom malware tools, including TelePowerBot and KamiKakaBot, to facilitate the exfiltration of sensitive data from compromised systems. “The group uses a range of sophisticated custom tools and deploys multiple kill chains, often leveraging spear-phishing emails,” noted Andrey Polovinkin, a security researcher at Group-IB, in a technical report.
Dark Pink APT Group Executes Targeted Attacks Using TelePowerBot and KamiKakaBot May 31, 2023 Recent cybersecurity analyses have revealed that the APT group known as Dark Pink has been involved in a series of five sophisticated cyber attacks across multiple countries, including Belgium, Brunei, Indonesia, Thailand, and Vietnam, from February…
Dark Pink APT Group Utilizes TelePowerBot and KamiKakaBot in Complex Campaigns
On May 31, 2023, it was reported that the Advanced Persistent Threat (APT) group known as Dark Pink has launched five new attacks targeting various organizations in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. The targets include educational institutions, government agencies, military organizations, and non-profit entities, highlighting the group’s ongoing focus on high-value assets. Also referred to as the Saaiwc Group, Dark Pink is believed to originate from the Asia-Pacific region, primarily directing its attacks towards East Asia, with some activity observed in Europe. The group employs a variety of custom malware tools, including TelePowerBot and KamiKakaBot, to facilitate the exfiltration of sensitive data from compromised systems. “The group uses a range of sophisticated custom tools and deploys multiple kill chains, often leveraging spear-phishing emails,” noted Andrey Polovinkin, a security researcher at Group-IB, in a technical report.
Data Privacy, Data Security, Healthcare Nuance Reaches Settlement Amid Ongoing MOVEit Litigation Marianne Kolbasuk McGee (HealthInfoSec) • August 21, 2025 Image: Nuance, Progress Software Nuance Communications, a subsidiary of Microsoft, has consented to pay $8.5 million to resolve a class action lawsuit stemming from a 2023 cyberattack that exploited a…
May 08, 2025
Malware / Cyber Espionage
The nation-state threat group MirrorFace has been detected deploying malware named ROAMINGMOUSE in a cyber espionage operation aimed at government agencies and public institutions in Japan and Taiwan. This activity, identified by Trend Micro in March 2025, involved the use of spear-phishing tactics to deliver an upgraded version of a backdoor known as ANEL. “The ANEL file from the 2025 campaign introduced a new command for executing BOF (Beacon Object File) in memory,” noted security researcher Hara Hiroaki. “Additionally, this campaign may have utilized SharpHide to initiate the second-stage backdoor, NOOPDOOR.” MirrorFace, also identified as Earth Kasha, is believed to be a subgroup of APT10. In March 2025, ESET detailed a campaign named Operation AkaiRyū, which targeted a diplomatic organization within the European Union in August 2024 using the ANEL malware (also referred to as UPPERCUT).
MirrorFace Cyber Espionage Campaign Targets Government Entities in Japan and Taiwan May 8, 2025 – In a concerning trend in cyber warfare, the nation-state threat actor known as MirrorFace has been detected deploying a sophisticated malware variant named ROAMINGMOUSE. This campaign appears to be primarily focused on government bodies and…
May 08, 2025
Malware / Cyber Espionage
The nation-state threat group MirrorFace has been detected deploying malware named ROAMINGMOUSE in a cyber espionage operation aimed at government agencies and public institutions in Japan and Taiwan. This activity, identified by Trend Micro in March 2025, involved the use of spear-phishing tactics to deliver an upgraded version of a backdoor known as ANEL. “The ANEL file from the 2025 campaign introduced a new command for executing BOF (Beacon Object File) in memory,” noted security researcher Hara Hiroaki. “Additionally, this campaign may have utilized SharpHide to initiate the second-stage backdoor, NOOPDOOR.” MirrorFace, also identified as Earth Kasha, is believed to be a subgroup of APT10. In March 2025, ESET detailed a campaign named Operation AkaiRyū, which targeted a diplomatic organization within the European Union in August 2024 using the ANEL malware (also referred to as UPPERCUT).
Last updated: August 22, 2025 Recent health data breaches across the Asia-Pacific (APAC) region have led to stricter security regulations and enhanced enforcement measures. Organizations are now faced with the imperative to improve compliance protocols, implement comprehensive cybersecurity training for employees, and reinforce their strategies for responding to breaches. Filed…
Cyclops Ransomware Group Unveils Go-Based Info Stealer for Cybercriminals
Threat actors associated with the Cyclops ransomware have been identified promoting malware designed to steal sensitive information from compromised systems. According to a recent report by Uptycs, the group markets its offerings on forums, seeking a share of profits from those using its tools for malicious activities. Cyclops ransomware is particularly notable for its ability to target major desktop operating systems, including Windows, macOS, and Linux, while also terminating any processes that might hinder encryption. The macOS and Linux versions are developed in Golang, utilizing a sophisticated encryption method that combines both asymmetric and symmetric techniques. The Go-based info stealer targets Windows and Linux systems, gathering critical data such as operating system details, computer name, and other specifications.
Cyclops Ransomware Group Introduces Go-Based Info Stealer for Cybercriminals June 6, 2023 In recent developments within the cybercrime ecosystem, the Cyclops ransomware group has begun marketing a new variant of information-stealing malware, specifically designed to harvest sensitive data from compromised systems. According to a report from Uptycs, this threat actor…
Cyclops Ransomware Group Unveils Go-Based Info Stealer for Cybercriminals
Threat actors associated with the Cyclops ransomware have been identified promoting malware designed to steal sensitive information from compromised systems. According to a recent report by Uptycs, the group markets its offerings on forums, seeking a share of profits from those using its tools for malicious activities. Cyclops ransomware is particularly notable for its ability to target major desktop operating systems, including Windows, macOS, and Linux, while also terminating any processes that might hinder encryption. The macOS and Linux versions are developed in Golang, utilizing a sophisticated encryption method that combines both asymmetric and symmetric techniques. The Go-based info stealer targets Windows and Linux systems, gathering critical data such as operating system details, computer name, and other specifications.
