Infosecurity News

  1. Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign

    Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account

  2. Wealthsimple Confirms Data Breach After Supply Chain Attack

    Wealthsimple confirmed a third-party vendor data breach affecting roughly 30,000 customers

  3. MostereRAT Targets Windows Users With Stealth Tactics

    Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques

  4. Remote Access Abuse Biggest Pre-Ransomware Indicator

    Cisco Talos found that abuse of remote services and remote access software are the most prevalent ‘pre-ransomware’ tactics deployed by threat actors

  5. Qualys, Tenable Latest Victims of Salesloft Drift Hack

    Palo Alto Networks, Cloudflare and Zscaler were also among confirmed victims of the attack

  6. GhostAction Supply Chain Attack Compromises 3000+ Secrets

    Security researchers have discovered a new malicious campaign impacting hundreds of GitHub users

  7. SAP S/4HANA Users Urged to Patch Critical Exploited Bug

    Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild

  8. Bridgestone Confirms "Limited Cyber Incident" Impacting Facilities in North America

    Bridgestone Americas confirmed the incident but has not detailed the scope of the attack

  9. South Carolina School District Data Breach Affects 31,000 People

    An investigation has revealed that files were stolen in a data breach affecting a South Carolina school district

  10. macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security

    Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into installing cracked versions of apps

  11. US and 14 Allies Release Joint Guidance on Software Bill of Materials

    The joint guidance is a welcome first step towards a common, global adoption of SBOMs, experts argued

  12. 61% of US Companies Hit by Insider Data Breaches

    The OPSWAT report found that insider breaches cost impacted firms $2.7m on average due to factors such as regulatory fines and diminished productivity

  13. GhostRedirector Emerges as New China-Aligned Threat Actor

    A newly identified hacking group named GhostRedirector has compromised 65 Windows servers using previously unknown tools

  14. North Korean Hackers Exploit Threat Intel Platforms For Phishing

    North Korean hackers have been observed exploiting cyber threat intelligence platforms in a campaign targeting job seekers with malware-laced lures

  15. CMS Provider Sitecore Patches Exploited Critical Zero Day

    Google Cloud’s Mandiant successfully disrupted an active ViewState deserialization attack affecting Sitecore deployments

  16. Scattered Spider-Linked Group Claims JLR Cyber-Attack

    JLR said it is investigating following claims by the actor “Scattered Lapsus$ Hunters” that it had stolen data from the firm and had issued an extortion demand

  17. Threat Actors Abuse Hexstrike-AI Tool to Accelerate Exploitation

    Hackers are using legitimate red team tool Hexstrike-AI to simplify and speed up vulnerability exploitation

  18. Healthcare Sector Takes 58 Days to Resolve Serious Vulnerabilities

    A new Cobalt study finds healthcare organizations among the slowest at resolving serious vulnerabilities

  19. Malicious npm Packages Exploit Ethereum Smart Contracts

    A malicious campaign using Ethereum smart contracts has been observed targeting developers via npm and GitHub

  20. Russian APT28 Expands Arsenal with 'NotDoor' Outlook Backdoor

    The backdoor is a sophisticated VBA-based malware targeting Microsoft Outlook

Why Not Watch?

  1. Why Your Organisation Needs Trusted Time Synchronisation

  2. Audit & Compliance in the Era of AI and Emerging Technology

  3. How to Recover From a Cyber-Attack: A Step-by-Step Playbook

  4. How To Enhance Security Operations with AI-Powered Defenses

What’s Hot on Infosecurity Magazine?