The Breach News

Chinese APT24 Unveils Custom Malware and Innovative Stealth Tactics

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Government

Three-Year Espionage Campaign Targets Taiwanese Firms

Akshaya Asokan (asokan_akshaya) • November 21, 2025

Security researchers have uncovered a multi-year espionage operation attributed to a hacking group with suspected ties to the Chinese government. This sustained campaign, lasting three years,…

Salesforce Disassociates from Gainsight-Published Applications

Salesforce Detects Unauthorized Activity Linked to Gainsight Applications

On November 21, Salesforce informed its customers of unusual activity tied to applications developed by Gainsight, which are directly managed by users. The detection of this atypical behavior raised concerns regarding potential unauthorized access to sensitive Salesforce data through its connection with…

Vulnerability in XZ Utils for Linux Systems Allows Remote Code Execution

Significant Supply Chain Attack Discovered in XZ Utils, Posing Serious Risks to Linux Users

A profound security threat has emerged following the discovery of malicious code inserted into XZ Utils, an open-source library used extensively in numerous major Linux distributions. This vulnerability, identified as CVE-2024-3094 and given a critical CVSS…

SolarWinds Breach: New Evidence Points to Possible Connections with Chinese Hackers

Recent investigations have linked a malicious web shell deployed on Windows systems to a possible Chinese cyber threat group, following the exploitation of an undisclosed zero-day vulnerability in SolarWinds’ Orion network monitoring software. The cybersecurity firm Secureworks reported that this breach involved a web shell referred to as Supernova, which…

Oops! Cryptographers Void Election Results After Misplacing Decryption Key.

Election Results Canceled Due to Lost Encryption Key by IACR Official

In a significant blow to the integrity of its electoral process, the International Association of Cryptologic Research (IACR) announced the cancellation of the results from its annual leadership election. This decision was made after a trustee on the election…

Data Breach: Israel’s Ruling Party App Exposes Personal Information of 6.5 Million Voters

A significant data breach has occurred involving a campaigning site utilized by Likud, the political party led by Israeli Prime Minister Benjamin Netanyahu. The breach has exposed sensitive personal information belonging to approximately 6.5 million eligible Israeli voters, occurring just weeks ahead of the upcoming legislative elections. In Israel, political…

Inside the Staffing Crisis Harming CISA

Government, Healthcare, Industry Specific

Also: Akira Ransomware Targets Healthcare, AI’s Sycophancy Becomes a Security Risk

Anna Delaney (annamadeline) • November 21, 2025

Clockwise, from top left: Anna Delaney, Tony Morbin, Chris Riotta, and Marianne Kolbasuk McGee

This week’s ISMG Editors’ Panel convened a discussion among four seasoned editors, who addressed…

ShinyHunters Has a Strong Dislike for Salesforce, Says The Register

EXCLUSIVE ShinyHunters has reportedly taken responsibility for a security breach at Gainsight, further compromising the data of numerous Salesforce customers. This breach expands the ongoing ramifications of earlier cyber incidents, particularly the Salesloft Drift hack from earlier this year, which ShinyHunters claims provided them with the initial access to Gainsight’s…

Ivanti Quickly Releases Patches for Four New Vulnerabilities in Connect Secure and Policy Secure

Ivanti Addresses Critical Security Vulnerabilities in Connect Secure and Policy Secure Gateways

Ivanti has issued urgent security updates to rectify multiple vulnerabilities affecting its Connect Secure and Policy Secure Gateways. These flaws present significant risks, including potential code execution and denial-of-service (DoS) conditions, which could severely disrupt service delivery. The…
