Application Security

Salesforce Supply Chain Breach Hits Palo Alto Networks Customers
Application Security
Salesforce Supply Chain Breach Hits Palo Alto Networks Customers
Palo Alto Networks confirmed exposure of customer records in a Salesforce breach via Drift tokens, as Unit 42 warned attackers mass-exfiltrated sensitive data and credentials ...
Amazon Disrupts Midnight Blizzard Campaign Targeting Microsoft 365
Application Security
Amazon Disrupts Midnight Blizzard Campaign Targeting Microsoft 365
Amazon disrupted a Midnight Blizzard campaign where Russian hackers used compromised websites, fake Cloudflare pages, and Microsoft device code abuse to target enterprise Microsoft 365 ...
Zscaler Data Breach Exposes Customer Information After Salesloft Drift Compromise
Application Security
Zscaler Data Breach Exposes Customer Information After Salesloft Drift Compromise
Zscaler confirmed a Salesforce data breach linked to the Salesloft Drift compromise, exposing customer information but not its core services. The incident highlights escalating OAuth ...
NCSC Warns of Malware Campaign Using Fake PDF Editors
Application Security
NCSC Warns of Malware Campaign Using Fake PDF Editors
The NCSC uncovered a malware campaign using fake PDF editors and manual finder tools to turn devices into residential proxies, enabling criminals to mask their ...
Brokewell Android Malware Spread Through Fake TradingView Ads
Application Security
Brokewell Android Malware Spread Through Fake TradingView Ads
Cybercriminals are exploiting Meta’s ad network to push fake TradingView Premium apps that secretly install Brokewell malware on Android devices, stealing data and hijacking user ...
Critical SharePoint Zero-Day Exploited Immediate Steps Against CVE-2025-53770 Vulnerability
Application Security
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
A critical zero-day in Microsoft SharePoint, tracked as CVE-2025-53770, is being widely exploited in espionage and ransomware campaigns. Dubbed “ToolShell,” the flaw enables unauthenticated remote ...
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Application Security
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
Application Security
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
GreyNoise detected nearly 1,971 IPs scanning Microsoft RDP Web Auth portals to test timing flaws and enumerate usernames, potentially preparing credential-based attacks during US back-to-school ...
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
Application Security
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
MathWorks disclosed a ransomware attack exposing PII for more than 10,000 users; intrusion lasted from April 17 to May 18, with services disrupted for nearly ...
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
Application Security
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
A newly advertised data-scraping service claims to index 1.8 billion Discord messages, 207 million voice sessions, and profiles from 35 million users. Researchers warn the ...