Salesforce Customers Targeted by Data-Theft Extortion Campaign
Hackers exploited OAuth tokens in third-party Salesforce integrations, stealing CRM data and extorting affected customers. Salesforce urges clients to rotate credentials.
Category: LATEST
Read More
Huawei Data Breach Exposes Partner and Employee Information
Huawei confirmed a data breach stemming from a compromised vendor system, exposing partner and employee records. Security experts warn of new supply-chain risks.
Exploit Published for Sudo CVE-2025-32463 Urgent Patch Needed
A public PoC exploit for CVE-2025-32463 in Sudo has been released, enabling local privilege escalation to root. Linux users are urged to update to Sudo 1.9.16p1.
Signal Urges Germany Not to “Capitulate” to Client-Side Scanning
Signal has called on Germany to reject the EU’s chat control proposal, warning that client-side scanning would break encryption, facilitate surveillance, and undermine trust in private communication.
CVE-2025-61882: Oracle’s Emergency Patch After Cl0p Exploits
A zero-day vulnerability in Oracle E-Business Suite, CVE-2025-61882, has been actively exploited by Cl0p in data theft campaigns. Oracle’s emergency patch addresses unauthenticated remote code execution in the BI Publisher integration component.
Sora Update: Creator Control and Revenue Models for Characters
OpenAI plans to give content owners greater control over how their characters appear in Sora, moving toward an opt-in model and instituting revenue-sharing for participating rights holders.
ICS Calendar XSS Risk: New Zimbra Zero-Day Exploit Revealed
Researchers discovered a zero-day in Zimbra webmail where malicious JavaScript injected into .ICS calendar files executes within session context — allowing attackers to steal emails, credentials, and forward mail.
CometJacking Turns Browser Sessions into Covert Proxy Channels
CometJacking abuses browser WebSockets to hijack user connections, turning them into proxy nodes with a single click. The exploit marks a new wave of malware-less attacks that rely on web technologies rather than traditional payloads.
How Detour Dog Exploits DNS TXT for Advanced Malware Delivery
Detour Dog has transitioned into DNS-powered malware operations. Its latest campaign distributes Strela Stealer through TXT-encoded commands and modular backdoors. This evolution marks a new wave of protocol abuse challenging traditional network defense.
CVE-2025-10547: DrayOS WebUI Flaw Allows Hackers Full Control
CVE-2025-10547, a vulnerability in DrayOS routers, can lead to remote code execution via the WebUI. Administrators should patch and disable external access immediately.