Okta, a pivotal player in identity and access management, reported an unauthorized access event involving its source code repositories earlier this month. The incident, which was disclosed on Wednesday, raises substantial concerns about the security practices surrounding sensitive organizational code. According to an official statement, Okta reassured stakeholders that “there…
A recent investigation has uncovered alarming findings regarding a dataset utilized for training large language models (LLMs). This dataset reportedly contains close to 12,000 live secrets, including credentials capable of authenticating access to various services. This discovery raises significant concerns about the risks associated with hard-coded credentials. Organizations face heightened…
Recent developments have emerged regarding the Salesloft Drift breach, which has impacted over 700 organizations across the globe. New victims have come forward, adding to the severity of the incident. On August 20, Salesloft and Salesforce announced they had severed ties between Drift, an AI-powered chatbot for sales and marketing,…
Relevant topics include Third Party Risk Management, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Developer Compromised by Phishing Attack Involving a Malicious Email Authored by Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • September 9, 2025 Image: Shutterstock An attacker compromised 18 widely-used npm packages by embedding cryptocurrency theft malware after…
Microsoft recently acknowledged an individual operating under the EncryptHub alias for uncovering and reporting two significant security vulnerabilities in Windows. This acknowledgment depicts a complex profile of a person straddling a legitimate cybersecurity career while engaging in cybercriminal activities. According to a detailed analysis by Outpost24 KrakenLabs, the individual behind…
Recent findings by cybersecurity experts have unveiled a significant vulnerability within the Amazon EC2 Simple Systems Manager (SSM) Agent, a flaw that has since been patched. Should it have been exploited by malicious actors, the vulnerability could have led to unauthorized privilege escalation and code execution on affected systems. The…
Since November 2024, threat actor Blind Eagle has executed a series of sophisticated campaigns primarily aimed at Colombian institutions and government bodies. These operations have demonstrated a high rate of infection, targeting critical infrastructure and private organizations alike. According to Check Point’s recent analysis, the campaigns resulted in more than…
Automated Sextortion Malware Discovered: A Growing Cybersecurity Threat Recent findings by security researchers at Proofpoint have brought to light a troubling evolution in cybersecurity threats. A new variant of infostealer malware, named Stealerium, has emerged, intricately blending data theft with automated sextortion techniques. This malware is designed to hijack a…
Cybersecurity Update: Rising Threats and Emerging Vulnerabilities In the ever-evolving landscape of cybersecurity, unpatched systems, weak passwords, and neglected plugins serve as gateways for attackers. As supply chains intertwine deeply with the software we depend on, malware is increasingly hidden within seemingly benign avenues, including job offers and cloud services.…
