Cloud
-
Microsoft to block unauthorized scripts on Entra ID sign-ins with CSP update
Microsoft will change the Content Security Policy for browser-based Entra ID sign-ins at login.microsoftonline.com to block unauthorized scripts and allow only trusted Microsoft domains, with a global rollout beginning mid-to-late October 2026; organisations are asked to test sign-in flows and avoid tools that inject code.
-
Gainsight says more customers affected as Salesforce revokes Gainsight-linked access tokens
Gainsight said suspicious activity tied to its applications affected more customers than initially reported and that Salesforce revoked related access tokens; the intrusion has been claimed by ShinyHunters while investigators and vendors take containment steps.
-
ASUS issues firmware updates to fix critical AiCloud authentication bypass
ASUS has issued firmware updates to fix nine vulnerabilities, including a critical authentication bypass (CVE-2025-59366) in routers with AiCloud enabled, and advised users to update firmware or apply mitigations for end-of-life devices.
-
Researchers find thousands of credentials in JSONFormatter and CodeBeautify archives
Researchers at watchTowr Labs said they recovered over 80,000 files saved to JSONFormatter and CodeBeautify that contained thousands of credentials and sensitive records spanning government, finance, telecoms and other sectors; both sites have temporarily disabled the save feature.
-
Shai‑Hulud campaign trojanises hundreds of npm packages and leaks CI/CD secrets to GitHub
A renewed Shai‑Hulud campaign has published thousands of trojanised npm packages that steal developer and CI/CD secrets and post them to GitHub; researchers at Aikido and Wiz say the operation modified legitimate packages, used compromised maintainer accounts and is leaking secrets in automatically created GitHub repositories.
-
China-linked APT31 used local cloud services and public tools to target Russian IT sector, Positive Technologies reports
Researchers at Positive Technologies say China-linked APT31 targeted Russian IT firms between 2024 and 2025, using Yandex Cloud and a mix of public and custom tools to maintain long-term access and exfiltrate data.
-
Grafana patches CVSS 10.0 SCIM flaw that could allow impersonation
Grafana released updates to fix CVE-2025-41115, a CVSS 10.0 vulnerability in its SCIM provisioning component that could allow privilege escalation or user impersonation when specific configuration options are enabled; affected Enterprise versions and fixed releases were listed and users are urged to apply patches.
-
Google: APT24 Used New ‘BADAUDIO’ Malware in Years-Long Espionage Campaign
Google Threat Intelligence Group says a China-nexus actor tracked as APT24 used a previously undocumented downloader called BADAUDIO in a campaign from November 2022 into 2025, employing watering holes, supply-chain compromises and spear-phishing to deliver backdoors and second-stage payloads.
-
Salesforce revokes Gainsight app tokens after suspected unauthorized access
Salesforce revoked access tokens and removed Gainsight-published applications from the AppExchange after detecting activity that may have allowed unauthorised access to some customers’ data; investigations attribute the campaign to actors linked to the ShinyHunters group.
-
Self‑replicating botnet abuses Ray clusters to mine cryptocurrency, steal data and launch DDoS attacks
Researchers say a campaign called ShadowRay 2.0 has been exploiting internet‑facing Ray clusters using CVE‑2023‑48022 and Ray’s orchestration features to spread a self‑replicating botnet that mines cryptocurrency, steals proprietary data and launches DDoS attacks, with attackers targeting large GPU environments and using automated discovery and multi‑stage payloads.
