Tag Google

Google Alerts Users of Potential Vulnerability for Billions of Gmail Accounts Following Data Breach

Google Issues Alert on ShinyHunters Attack Campaign Targeting Gmail Users

Google has recently issued a significant security warning regarding the ShinyHunters hacking group, which has utilized Gmail to conduct attacks on users. This alert highlights the potential vulnerabilities affecting millions, as the group has gained access to sensitive data during…

TransUnion Reveals Data Breach Impacting Personal Information of 4.4 Million Customers

TransUnion, one of the largest credit reporting agencies in the United States, has announced a data breach impacting the personal information of approximately 4.4 million customers. This incident, which occurred on July 28, resulted from unauthorized access to a third-party application that stores customer data. Notably, the company clarified that…

NY Health System Agrees to $5.3M Settlement Over Web Tracker Privacy Lawsuit

Data Privacy, Data Security, Fraud Management & Cybercrime

Mount Sinai Health System Settles Class Action Over Patient Data Misuse

Marianne Kolbasuk McGee (HealthInfoSec) • August 27, 2025

A settlement of nearly $5.3 million by Mount Sinai Health Systems highlights ongoing issues surrounding the unauthorized use of online tracking on…

ShinyHunters and Scattered Spider Tied to Data Breach at Farmers Insurance

Farmers Insurance has announced a data breach affecting approximately 1.1 million customers. This incident, linked to the hacker groups ShinyHunters and Scattered Spider, reflects a troubling trend of cyberattacks targeting organizations using Salesforce’s platform. Farmers Insurance has recently revealed a significant data breach impacting over 1.1 million customers. The company…

CISA Alerts on Five Actively Exploited Security Vulnerabilities: Immediate Action Needed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting ongoing exploitation in real-world scenarios. Among these, three high-severity flaws in Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) may allow attackers to execute privileged commands on the system. These vulnerabilities were addressed in a patch released by Veritas in March 2021.

  • CVE-2021-27876 (CVSS score: 8.1) – File Access Vulnerability
  • CVE-2021-27877 (CVSS score: 8.2) – Improper Authentication Vulnerability
  • CVE-2021-27878 (CVSS score: 8.8) – Command Execution Vulnerability

A recent report from Google-owned Mandiant highlighted that an affiliate tied to the BlackCat (also known as ALPHV and Noberus) ransomware operation is utilizing these vulnerabilities for attacks.

CISA Alerts Businesses to Five Critical Security Vulnerabilities: Immediate Response Needed

On April 10, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory concerning five newly identified security vulnerabilities now included in its Known Exploited Vulnerabilities (KEV) catalog. This addition is backed by evidence indicating active…

Google Exposes OAuth Token Theft Linked to UNC6395 in Salesforce Breach

A recent advisory from Google and Mandiant has uncovered a significant data breach involving Salesforce, where the threat actor UNC6395 deployed stolen OAuth tokens to bypass Multi-Factor Authentication (MFA). Organizations are urged to take steps to protect non-human identities to prevent similar breaches. According to the advisory from the Google…

Critical Vulnerabilities in Android and Novi Survey Under Ongoing Exploitation

April 14, 2023
Mobile Security / Cyber Threat

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation evidence. The vulnerabilities include:

  • CVE-2023-20963 (CVSS score: 7.8) – Android Framework Privilege Escalation Vulnerability
  • CVE-2023-29492 (CVSS score: TBD) – Novi Survey Insecure Deserialization Vulnerability

CISA’s advisory for CVE-2023-20963 notes that the Android Framework contains an unspecified vulnerability that enables privilege escalation when an app is updated to a higher Target SDK without requiring additional execution privileges. Google acknowledged in its March 2023 Android Security Bulletin that there are signs of limited, targeted exploitation of CVE-2023-20963. This revelation follows a report from Ars Technica that Android apps digitally signed by a Chinese e-commerce entity may be affected.

Active Exploitation of Critical Android and Novi Survey Vulnerabilities

On April 14, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of two severe vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities have been confirmed to be actively exploited in the wild, prompting urgent awareness…

Google Reports APT41’s Exploitation of Open Source GC2 Tool to Target Media and Job Websites

April 17, 2023
Cyber Threat / Cloud Security

A Chinese nation-state group has reportedly targeted an unnamed Taiwanese media outlet using an open-source red teaming tool called Google Command and Control (GC2). This activity is part of a larger trend of utilizing Google’s infrastructure for malicious purposes. Google’s Threat Analysis Group (TAG) attributes the operation to a threat actor known as HOODOO, also identified as APT41, Barium, Bronze Atlas, Wicked Panda, and Winnti. The attack begins with a phishing email that includes links to a password-protected file on Google Drive. This file contains the Go-based GC2 tool, which retrieves commands from Google Sheets and exfiltrates data via the cloud storage service. “Once installed on the victim’s machine, the malware queries Google Sheets for attacker commands,” stated Google’s cloud division in its latest Threat Horizons Report.

APT41 Exploits Open Source Tool to Target Taiwanese Media Outlets

In a recently uncovered cyber operation, Google’s Threat Analysis Group (TAG) reported that a Chinese state-sponsored threat actor known as APT41 has aimed its sights on a Taiwanese media organization. This campaign involved the use of a red teaming tool…
