Tag: Mandiant

Gootkit Malware Implements New Strategies Targeting Healthcare and Financial Institutions

Recent investigations by Cybereason have revealed that the Gootkit malware, also known as Gootloader, is primarily targeting healthcare and financial entities across the United States, United Kingdom, and Australia. These findings shed light on the evolving threat landscape, emphasizing the need for heightened vigilance in these sectors. In a December…

Attackers Take Advantage of Sitecore Zero-Day Vulnerability

Mandiant Uncovers Significant Vulnerability in Sitecore Products

Prajeet Nair (@prajeetspeaks) • September 4, 2025

Attackers have exploited a recently patched zero-day vulnerability in Sitecore, a widely used content management system that underpins the web presence of major enterprises including HSBC, L’Oréal, Toyota, and United Airlines. Sitecore…

DslogdRAT Malware Exploits Ivanti ICS Zero-Day CVE-2025-0282 in Cyber Attacks in Japan

Recent reports have highlighted the emergence of a malware strain known as DslogdRAT, which exploits a recently patched vulnerability in Ivanti Connect Secure (ICS). The vulnerability, tracked as CVE-2025-0282, was first exploited against organizations in Japan in December 2024, while it was still a zero-day. It enabled attackers to install both the malware…

Google Reports Troubling Increase in Russian Cyber Attacks Targeting Ukraine

In a significant escalation of cyber warfare, a joint report by Google’s Threat Analysis Group (TAG) and Mandiant reveals that Russian cyber attacks against Ukraine rose by 250% in 2022 compared with 2020. This increase coincided with Russia’s military invasion of Ukraine in February 2022, focusing on…

ToyMaker Leverages LAGTOY to Monetize Access to CACTUS Ransomware Gangs for Double Extortion Tactics

Recent cybersecurity reports have illuminated the activities of an initial access broker (IAB) known as ToyMaker, which has been linked to selling access to ransomware groups, including the notorious CACTUS. The IAB has been observed scanning for vulnerable internet-facing systems and deploying bespoke malware identified as LAGTOY,…

Cloudflare Added to List of Salesloft Drift Breach Victims

Extent of Breach Still Unfolding; Reports Indicate Hundreds of Organizations Impacted

Mathew J. Schwartz (euroinfosec) • September 3, 2025

A series of data breaches has been linked to the theft of OAuth access tokens from the marketing software provider Salesloft’s Drift AI…

The Continued Consequences of a Breach at AI Chatbot Developer Salesloft – Krebs on Security

Salesloft Authentication Token Breach Exposes Corporate Vulnerabilities

Recent developments have raised alarms among businesses using Salesloft, a platform that turns customer interactions into actionable Salesforce leads. A significant breach involving the theft of authentication tokens from Salesloft has prompted fast action from numerous companies as they scramble…

German and South Korean Agencies Caution Against Kimsuky’s Growing Cyber Attack Techniques

Cyber Threat Alert: Kimsuky Group Targets Gmail Inboxes Using Rogue Browser Extensions

Recent advisories from government agencies in Germany and South Korea have highlighted a wave of cyberattacks attributed to the North Korean threat actor known as Kimsuky. The group has been using malicious browser extensions to infiltrate users’…

Chinese Hackers Exploit SAP RCE Vulnerability CVE-2025-31324 to Deploy Golang-Based SuperShell

A recent report has identified a China-linked threat actor, tracked as Chaya_004, actively exploiting a critical vulnerability in SAP NetWeaver. The attacks leverage CVE-2025-31324, a remote code execution flaw that carries the maximum CVSS score of 10.0. Malicious activity attributed to this actor has been ongoing since April 29,…
