The Trump administration is expected to nominate Army Lieutenant General William Hartman as the next head of Cyber Command and the NSA.
He's been acting head for both agencies since April, when Trump dismissed Air Force General Timothy Haugh from both roles.
New Salesloft victims:
-Elastic
-Nutanix
-CyberArk
-Cato Networks
-Bugcrowd
-JFrog
-BeyondTrust
-Rubrik
Source: driftbreach.com/ (via @briankrebs)
Drift Breach Tracker
Up-to-date list of organizations impacted by the Salesloft Drift OAuth token compromise targeting Salesforce customers. (Nudge Security)
There are many reasons why you never see Cyble in my newsletter... and this is one of them
Now taking down security research on behalf of big corps
bobdahacker.com/blog/rbi-hacke…
Wayback Machine of original research: web.archive.org/web/2025090615…
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Audio Surveillance
Critical authentication bypass vulnerabilities in Restaurant Brands International's assistant platform allowed complete control over 30,000+ Burger King, Tim Hortons, and Popeyes locations worldwide - including access to customer drive-thru audio rec… (web.archive.org)
I'm no lawyer but I think DMCA can only be used for copyrights, not trademarks.
However, abuse will continue to happen until someone with deep pockets throws an army of lawyers to sue them into a crater.
Multi-factor authentication will become mandatory in October for all administrators logging into their Azure backends.
Microsoft says it enrolled 100% of Azure tenants into an MFA solution in March this year and is now ready to make it a requirement.
azure.microsoft.com/en-us/blog…
Azure mandatory multifactor authentication: Phase 2 starting in October 2025 | Microsoft Azure Blog
Microsoft Azure is announcing the start of Phase 2 multifactor authentication enforcement (MFA) starting October 1, 2025. Learn more. Neha Kulkarni (Microsoft Azure Blog)
Salesloft breach dates back to March and originated from the company's GitHub account, per a new update
trust.salesloft.com/?uid=Updat…
Salesloft Trust Portal
Portal providing information and documentation related to Salesloft's security, privacy, and compliance. (trust.salesloft.com)
More than 320 GitHub users had their accounts hacked and used to push a malicious GitHub action onto their projects that stole secrets from CI/CD pipelines.
GitGuardian says the attackers compromised over 810 GitHub repos and stole more than 3,300 secrets.
blog.gitguardian.com/ghostacti…
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Gaetan Ferry (GitGuardian Blog - Take Control of Your Secrets Security)
A recently patched SAP S/4HANA vulnerability is being exploited in the wild.
The attacks were discovered by security firm SecurityBridge last week: securitybridge.com/blog/critic…
CVE-2025-42957: Critical SAP S/4HANA Code Injection Vulnerability
CVE-2025-42957 is a critical ABAP code injection flaw in SAP S/4HANA (CVSS 9.9) discovered by SecurityBridge - patching is imperative! (SecurityBridge)
Recorded Future has spotted two influence operations around the recent India-Pakistan military conflict from May.
The networks are tracked as Hidden Charkha (pro-India) and Khyber Defender (pro-Pakistan).
recordedfuture.com/research/in…
Influence Operations and Conflict Escalation in South Asia
Insikt Group exposes pro-India and pro-Pakistan influence networks active during the 2025 conflict, revealing their tactics, narratives, and strategic objectives. (www.recordedfuture.com)
Australian airline Qantas has cut executive pay by 15% following a security breach. The cuts affect CEO Vanessa Hudson and five members of her executive team.
Live streams from the OrangeCon 2025 security conference, which took place on Friday, are available on YouTube:
Microsoft: Multiple subsea fiber cuts in the Red Sea impacting global communications
-Chrome 140 comes with new hardened cookies
-Cyberattack disrupts Bridgestone tyre factories in NA
-A new infostealer takes your photo when you watch porn
-CA issues unauthorized certificates for Cloudflare servers
-Another Brazil mega-hack
-Google extorted to fire two employees
-Proofpoint, Chess[.]com, and Workiva disclose breaches
-Venus Protocol recovers hacked funds
-New ransomware extorts artists
Podcast: risky.biz/RBNEWS474/
Newsletter: news.risky.biz/risky-bulletin-…
Risky Bulletin: Chrome 140 comes with new hardened cookies
In other news: Cyberattack disrupts Bridgestone tyre factories in NA; a new infostealer takes your photo when you watch porn; CA misissued certificates for Cloudflare infrastructure for more than a year. Catalin Cimpanu (Risky.Biz)
-New TAG-150 group
-GhostRedirector group manipulates Google results
-New Cisco ASA reconnaissance campaign
-North Korean hackers abuse cyber intel platforms
-US offers $10mil BerserkBear reward
-NoisyBear's Operation BarrelFire
-New APT28 backdoor
-Google fixes two Android zero-days
-Sitecore CMS zero-day
-New Model Namespace Reuse attack
-Cisco and Jenkins security updates
-Cato Networks buys Aim Security
-HITCON and SteelCon videos
Catalin Cimpanu reshared this.
ACE Shuts Down Giant 'Streameast' Piracy Ring, But the Original Survives * TorrentFreak
In a major anti-piracy action, ACE has shut down what it describes as the world's largest illegal sports streaming ring. Ernesto Van der Sar (TF Publishing)
Russia, whose bitter government prosecuted people who donated $5 to Navalny's campaign, says it won't use MAX to track citizens
Do you take their word?
- Obviously (13%, 13 votes)
- Yes (0%, 0 votes)
- Very yes (14%, 14 votes)
- Da (71%, 68 votes)
We had this in Wednesday's newsletter, but Tenable has now confirmed that it was affected by the Salesloft Drift incident
tenable.com/blog/tenable-respo…
Tenable Response to Salesforce and Salesloft Drift Incident
At Tenable, we take transparency seriously, especially when it comes to protecting our customers’ data. (Tenable®)
Radware looks at Abyssal DDoS V3, a DDoS attack tool currently used by the Mr Hamza hacktivist group in pro-Palestine DDoS campaigns
KELA looks at DamageLib, a new forum that has emerged as the primary replacement for the seized XSS (formerly known as DamageLab).
Another major contestant to take XSS's place is XSS PRO, but neither is really even close to replacing the original.
kelacyber.com/blog/xss-forum-a…
XSS Forum After Takedown: DamageLib Emerges
See how XSS[.]is admin “Toha”’s arrest reshaped the cybercrime underground, the rise of DamageLib, and impacts on ransomware and malware activity. KELA Cyber Intelligence Center (kelacyber)
Talks from the SteelCon 2025 security conference, which took place in July, are now available on YouTube
Security researcher M1ddl3W4r3 has open-sourced WSL Payload Builder, a tool to automate the building of Alpine Linux-based WSL (Windows Subsystem for Linux) distributions that can execute custom payloads upon launch
github.com/m1ddl3w4r3/WSL_Payl…
GitHub - m1ddl3w4r3/WSL_Payload_Builder: A powerful shell script for creating custom WSL (Windows Subsystem for Linux) distributions with embedded payloads.
A powerful shell script for creating custom WSL (Windows Subsystem for Linux) distributions with embedded payloads. - m1ddl3w4r3/WSL_Payload_Builder (GitHub)
Trend Micro believes threat actors are taking infosec technical blogs and using AI vibe coding tools to weaponize security research
trendmicro.com/vinfo/us/securi…
Do Security Blogs Enable Vibe-Coded Cybercrime?
Security companies routinely publish detailed analyses of security incidents, making attacker tactics, techniques, and procedures (TTPs) widely known and visible. Trend Micro - United States (US)
There's a major Google outage across Eastern Europe right now
...how will I survive this?
It's not just Google. I've had connectivity problems with different Internet services the whole morning. A mobile game wouldn't start, can't load images residing on Twitter, couldn't pay on-line for my food delivery...
Is AWS down or something?
Google won't be forced to sell Android and Chrome after all:
cnbc.com/2025/09/02/google-ant…
Google stock jumps 8% after search giant avoids worst-case penalties in antitrust case
The ruling comes nearly a year after a U.S. judge ruled that Google holds an illegal monopoly in its core market of internet search. Jennifer Elias (CNBC)
Looks like a CA mis-issued certs for Cloudflare's private DNS 1.1.1.1
-YouTubers unmask and help dismantle giant Chinese scam ring
-Salesloft breach impacts Tenable, Cloudflare, Zscaler, Palo Alto Networks
-Ransomware disrupts vehicle production at Jaguar
-New DDoS attack record (11.5Tbps)
-Google denies Gmail breach reports
-Bunni hacked for $8.4m
-EU pauses Google antitrust fine
-xAI manipulates Grok answers
-US, AU, NZ test a Joint Cyber Hunt Kit
-DHS reactivates ICE's Paragon spyware contract
Newsletter: news.risky.biz/risky-bulletin-…
Podcast: risky.biz/RBNEWS473/
YouTubers unmask and help arrest giant Chinese scam ring
In other news: Cloudflare, Zscaler, and Palo Alto Networks disclose breaches; ransomware attack disrupts vehicle production at Jaguar; new DDoS attack record. Catalin Cimpanu (Risky.Biz)
Former infosec news site Decipher returns from the grave
decipher.sc/2025/09/02/deciphe…
Decipher is Everyone - Decipher
We’re optimists, and that’s reflected in the mission statement we coined when we first launched in 2018: Security without fear. (Decipher)
A UK government study has found that, despite being aware that cyber insurance exists and is an option, most British companies struggle to understand insurance policy details, which is impeding broader adoption
gov.uk/government/publications…
Adoption of cyber insurance by UK small and medium sized enterprises
This research report explores how small and medium sized enterprises use cyber security insurance and what they think about it. Department for Science, Innovation and Technology (GOV.UK)
Google Meet and Russia, a love story
GOOGLE MEET not working today? DownDetector
Are you experiencing a Google Meet outage? We will help you figure out why Google Meet is not working, the site won't open, you can't log in to your account, or the app won't load! Be the first to know about Google Meet problems! Check the status of Google Meet services | DownDetector
Cloudflare was also affected by the Salesloft hacks: blog.cloudflare.com/response-t…
List now includes:
-Zscaler
-Palo Alto Networks
-SpyCloud
-Tanium
-PagerDuty
helpnetsecurity.com/2025/09/02…
Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach - Help Net Security
Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud say their Salesforce instances were accessed following the Salesloft breach. Zeljka Zorz (Help Net Security)
Salesloft Drift Supply Chain Incident Response | Proofpoint US
Last week, Proofpoint was notified by Salesforce of suspicious activity related to the third-party Drift application, published by Salesloft. This activity indicated potential unauthorized access (Proofpoint)
Catalin Cimpanu reshared this.
The EU's largest party, the EPP, is seriously looking at a mandatory age-verification mechanism on app stores, social networks, and some online services
edri.org/our-work/age-verifica…
Age verification gains traction: the EU risks failing to address the root causes of online harm - European Digital Rights (EDRi)
Narratives around age verification and restriction of access for minors are gaining traction in the EU. This blog analyses different EU policy files and warns that relying on age-gating risks undermining more effective solutions to online harm. European Digital Rights (EDRi)
-Cloudflare says it mitigated an 11.5 Tbps DDoS attack, a new DDoS record.
-Attack lasted only 35s
-Also clocked 5.1 Bpps
-Beats previous record of 7.3 Tbps from June
The US, AU, and NZ have tested a prototype for a new cyber defense kit designed to connect and help secure any network.
The kits are operated by a nine-person team and are intended to be portable and moved to any location in the world.
The most "popular" (common) malware families in Russia.... yes... it's a damn infostealer. Of course, it is.
habr.com/ru/companies/pt/artic…
The ten most common malware families in Russia
Not long ago we released our analysis of malware and its role in cyberattacks on Russia. The study is large and hefty (as is usual with us), it, ... ptsecurity (Habr)
Zscaler becomes first company to admit breach via the Salesloft sales agent integration
zscaler.com/blogs/company-news…
Salesloft Drift Supply Chain Incident: Key Details and Zscaler’s
Zscaler swiftly mitigates a security incident impacting Salesloft Drift, and ensuring robust protection against potential vulnerabilities. Sam Curry (Zscaler)
Catalin Cimpanu reshared this.
An old ransomware group known as OldGremlins has returned with new attacks targeting Russian companies, according to Kaspersky
kaspersky.ru/about/press-relea…
The return of OldGremlin: ransomware group resumes attacks on Russian companies
Eight large domestic enterprises were confronted with the attackers' activity
Talks from the Positive Hack Days 2025 security conference, which took place in May, are available on YouTube.
PHDays is Russia's largest cybersecurity conference, and all the talks are in Russian.
youtube.com/@positiveevents524…
Positive Events
A channel for everyone who wants to dive into the world of cybersecurity. Application to RKN No. 4814264330 Rutube: b55270ac-aa30-43d8-8bf0-0ac713d4f7f4 (YouTube)
- Develop some AI tooling (41%, 15 votes)
- Develop some AI tools (22%, 8 votes)
- Develop some AI toolkit (36%, 13 votes)
TP-Link failed to patch a vulnerability in its routers for more than a year.
The bug is in a protocol that allows ISPs to manage routers deployed at customer premises, also known as CWMP or TR-069.
TP-Link was notified of the bug in May last year.
medium.com/@mehrrun/zero-day-a…
ZERO-DAY ALERT: Automated Discovery of Critical CWMP Stack Overflow in TP-Link Routers
ZERO-DAY ALERT: Automated Discovery of Critical CWMP Stack Overflow in TP-Link Routers Critical Zero-Day Discovery This article documents a zero-day vulnerability discovered through automated … Mehrun (Medium)