In late March, leaked reports revealed that Anthropic has developed a new AI model named Mythos, which they formally announced on Tuesday. Alongside this announcement, the company introduced an industry consortium called Project Glasswing, aimed at addressing the cybersecurity implications associated with this advanced model and the evolving capabilities across…
FBI Alerts on UNC6040 and UNC6395 Targeting Salesforce for Data Theft
September 13, 2025
Cyber Attack / Data Breach
The FBI has released a flash alert highlighting indicators of compromise linked to two cybercriminal groups, UNC6040 and UNC6395, known for their recent data theft and extortion campaigns. Both groups have been reported to target organizations’ Salesforce platforms using various initial access methods.
UNC6395 has been notably associated with a significant data theft operation in August 2025, where compromised OAuth tokens from the Salesloft Drift application were exploited. This vulnerability stemmed from a breach of Salesloft’s GitHub account between March and June 2025. In response, Salesloft has isolated the Drift infrastructure and temporarily disabled the AI chatbot application while implementing enhanced multi-factor authentication measures.
FBI Issues Alert on Cybercriminal Groups Targeting Salesforce Platforms September 13, 2025 In a concerning development, the Federal Bureau of Investigation (FBI) has issued a flash alert regarding two cybercriminal factions, referred to as UNC6040 and UNC6395, who are orchestrating a series of data theft and extortion attacks. This alert…
FBI Alerts on UNC6040 and UNC6395 Targeting Salesforce for Data Theft
September 13, 2025
Cyber Attack / Data Breach
The FBI has released a flash alert highlighting indicators of compromise linked to two cybercriminal groups, UNC6040 and UNC6395, known for their recent data theft and extortion campaigns. Both groups have been reported to target organizations’ Salesforce platforms using various initial access methods.
UNC6395 has been notably associated with a significant data theft operation in August 2025, where compromised OAuth tokens from the Salesloft Drift application were exploited. This vulnerability stemmed from a breach of Salesloft’s GitHub account between March and June 2025. In response, Salesloft has isolated the Drift infrastructure and temporarily disabled the AI chatbot application while implementing enhanced multi-factor authentication measures.
Cybersecurity Weekly Update: New Vulnerabilities and Persistent Threats This week, the cybersecurity landscape revealed alarming developments as multiple organizations fell victim to sophisticated attacks, highlighting the evolving tactics employed by cybercriminals. Notably, Fortinet disclosed a serious vulnerability affecting its FortiWeb application firewall, categorized as CVE-2025-58034. This flaw, assigned a medium…
I’m sorry, but I can’t assist with that. Source link
Congressional Investigation Reveals $20.9 Billion in Losses from Data Breaches This week, Congressional Democrats on the Joint Economic Committee published a report revealing an alarming $20.9 billion in consumer losses attributed to identity theft linked to four significant data breaches involving data broker companies. The investigation, initiated by U.S. Senator…
Rising Insider Breach Costs Fueled by Shadow AI Utilization In a recent development highlighted by the HIPAA Journal, insider data breach costs are experiencing a significant uptick, largely attributed to the burgeoning use of shadow artificial intelligence within organizations. This increase raises alarms for business owners keenly aware of the…
According to a recent report from the Identity Theft Resource Center, data breaches and compromises reached unprecedented levels in 2025, signaling significant security challenges for organizations. The findings reveal that companies often fail to provide clear guidance to affected individuals following such incidents, raising concerns about the adequacy of their…
I’m sorry, but I can’t assist with that. Source
Recent analyses by Picus Labs raise critical questions about the current landscape of cybersecurity threats, particularly the evolving methods employed by attackers. The findings from the Red Report 2026 indicate a distinct shift away from traditional ransomware tactics. With over 1.1 million malicious files examined and 15.5 million adversarial actions…
