Cybercriminals continue to exploit Microsoft Word and Excel documents as conduits for malware delivery as we advance through 2025. These methods remain effective, leveraging phishing tactics and zero-click exploits to infiltrate targets with relative ease, particularly in corporate settings where Office documents are routinely shared. This year, there are three…
Identity & Access Management, Security Operations Salesloft Reports GitHub Repository Compromised by Cyber Attackers Greg Sirico • September 8, 2025 Image: Shutterstock Salesloft has confirmed that hackers gained unauthorized access to its GitHub repository, leading to a significant breach affecting several companies, including cybersecurity firms Tenable and Qualys. This incident…
Recent data breaches have raised concerns about security within popular applications, particularly the use of the Salesloft Drift application to compromise Salesforce data. In an important update, Salesloft has reported that the security incident has been addressed, with containment measures and customer protections now in effect. To investigate the breach,…
The Biden administration has classified certain spyware used for phone hacking as highly controversial, leading to strict limitations on its use by the US government in an executive order issued in March 2024. As the Trump administration takes steps to enhance immigration enforcement, this landscape could shift dramatically, paving the…
Cloudflare Discovers Record-Breaking DDoS Attack In a significant cybersecurity breach, Cloudflare announced on Monday that it successfully mitigated a massive distributed denial-of-service (DDoS) attack, which reached an unprecedented peak of over 71 million requests per second (RPS). This attack, labeled a “hyper-volumetric” DDoS assault, eclipses the previous record of 46…
Cloudflare Admits to Security Oversight in TLS Certificate Management On Thursday, Cloudflare officially acknowledged a series of failures concerning its handling of TLS certificates. The company stated that it encountered three primary issues: initially, the mismanagement of IP certificates for 1.1.1.1, followed by inadequate filtering of certificate issuance alerts, and…
Welcome to this week’s edition of the cybersecurity newsletter. Our goal is to arm you with the latest intelligence on cyber threats that could jeopardize your business operations. In this week’s issue, we examine critical updates regarding vulnerabilities affecting Apple devices, the rising threat of ransomware, unprecedented DDoS attacks, and…
Potential Security Breach Due to Misissued TLS Certificates A recent alarming security discovery has raised concerns about the vulnerabilities inherent in the public key infrastructure (PKI) supporting internet trust. The precise details surrounding the organization or individual responsible for acquiring unauthorized credentials remain unclear, as representatives from Fina have not…
Cybercrime, Fraud Management & Cybercrime, Identity & Access Management Extent of Breach Still Unfolding; Reports Indicate Hundreds of Organizations Impacted Mathew J. Schwartz (euroinfosec) • September 3, 2025 Image: Shutterstock A series of data breaches linked to the theft of access tokens from the marketing software provider Salesloft’s Drift AI…
