Salesforce Customers Targeted by Data-Theft Extortion Campaign
Hackers exploited OAuth tokens in third-party Salesforce integrations, stealing CRM data and extorting affected customers. Salesforce urges clients to rotate credentials.
Read More
Cybersecurity Newsletter Weekly, Chrome 0-Day, 22.2 Tbps DDoS Attack & More
A rapid cascade of cyber events Chrome zero-day, a record DDoS, Cisco IOS exploit, and Kali Linux upgrade highlight how threat activity keeps accelerating.
Two British Teens Deny Carrying Out High-Impact TfL Cyberattack
Two British teenagers have pleaded not guilty to serious Computer Misuse Act charges over a 2024 cyberattack on Transport for London, an intrusion that disrupted digital services, exposed customer data and allegedly cost the authority about £39 million. Their case now sits at the intersection of teen cybercrime, critical-infrastructure risk and the UK’s toughest penalties for hacking.
Open-Source Module Abused by StealIt Malware for Data Theft
Security researchers have identified a new StealIt malware campaign abusing the NodeJS SingleFile module to exfiltrate sensitive data from compromised environments. This JavaScript-based threat demonstrates how legitimate developer tools can be turned into effective espionage vectors within open-source ecosystems.
ThreatsDay Bulletin: Spyware Alerts and Emerging Global Malware
This week’s ThreatsDay Bulletin highlights rising spyware alerts, global scanning activity, and new Linux backdoor threats essential insight for defenders and SOC teams.
TEE.Fail Targets DDR5 , Exposing Keys from Secure Enclaves
TEE.Fail uses a DDR5 interposer to undermine enclave confidentiality on Intel TDX and AMD SEV-SNP. Because memory encryption lacks strong integrity here, defenders should rethink secrets, strengthen attestation, and tighten physical controls.
North Korea Expands Industrial-Scale Crypto Theft Operations
North Korea has transformed cryptocurrency theft into a state-backed, industrial cyber operation. With coordinated threat groups, refined malware pipelines, and aggressive targeting of exchanges and DeFi platforms, DPRK attackers continue scaling their global theft strategy despite expanding sanctions and international pressure.
Critical Infrastructure Under Attack: Russia-Backed Cybercrime
The U.S. Justice Department indicted a Ukrainian national for her role in Russia-backed cyberattacks targeting critical infrastructure — a move highlighting the resurgence of politically motivated malware campaigns against essential services.
Vampire Bot! BatShadow’s New Go Malware Targeting Job Hunters
BatShadow, a Vietnamese-linked threat actor, now uses Go-based malware dubbed “Vampire Bot” to target job seekers through fake recruiter lures. Victims open disguised files that trigger a multi-stage PowerShell chain delivering the payload, enabling system surveillance, exfiltration, and remote execution under attacker control.
Critical Ivanti Endpoint Code Execution Flaw Exposes Admin
A critical Ivanti Endpoint Manager code execution flaw, tracked as CVE-2025-10573, allows unauthenticated attackers to plant malicious JavaScript in the EPM dashboard and hijack admin sessions. This article explains how the bug works, which versions are affected, and how to patch and harden EPM cores.