News
-
Jaguar Land Rover says cyberattack severely disrupted production; no evidence of customer data theft yet
Jaguar Land Rover said a weekend cyberattack severely disrupted production and retail operations, but there is no evidence yet that customer data was stolen. The company is restarting affected systems and did not specify a timeline for full recovery.
-
Palo Alto Networks says Salesforce data exposed in breach tied to Salesloft Drift supply-chain attack
Palo Alto Networks disclosed a data breach linked to a broader Salesloft Drift supply-chain attack that exposed customer data in its Salesforce CRM. The incident involved OAuth token abuse, mass exfiltration of Salesforce records, and credential harvesting, prompting token revocation, Drift disablement, and guidance for customers to review logs and rotate secrets.
-
NIST Revamps Security Controls to Tighten Software Updates and Patch Management
NIST has revised its Security and Privacy Control Catalog to strengthen software update and patch management, introducing changes aimed at better incident response, root-cause analysis, and cyber resiliency to reduce the window of exposure in software supply chains.
-
Ukrainian Network FDN3 Linked to Massive Brute-Force Campaign Against SSL VPNs and RDP Devices
A Ukraine-based IP network, FDN3, is linked to a broad abusive infrastructure conducting large-scale brute-force and password-spraying campaigns against SSL VPN and RDP devices, with activity spanning June to July 2025 and connections to offshore bulletproof hosting groups.
-
Zscaler confirms Salesforce data exposure tied to Salesloft Drift compromise amid wider Salesforce breach activity
Zscaler confirms a data breach tied to the Salesloft Drift supply-chain attack, exposing customer Salesforce data due to compromised Drift credentials. The company revoked Drift integrations, rotated tokens, and reinforced customer authentication while investigations continue; Google Threat Intelligence links UNC6395 to the broader campaign affecting Salesforce environments.
-
ScarCruft Uses RokRAT in HanKook Phantom Campaign Targeting South Korea
Researchers have uncovered a targeted phishing campaign by North Korea-linked ScarCruft (APT37), dubbed Operation HanKook Phantom, delivering RokRAT to South Korean academics, former officials, and researchers via a manipulated LNK attack chain and PowerShell-based payloads, with exfiltration to multiple cloud services and a willingness to use decoy documents tied to high-profile statements.
-
Amazon says APT29 attempted watering-hole attack to harvest Microsoft credentials; AWS says no systems affected
Amazon said it disrupted an APT29 watering-hole campaign aimed at harvesting Microsoft credentials, stressing that no AWS systems were compromised. The operation used spoofed Cloudflare pages and randomized redirects to trick users, with Google Threat Intelligence and AWS detailing evasion techniques and previous similar activity.
-
WhatsApp patches high-severity vulnerability tied to Apple zero-day in targeted attacks on iOS and macOS
WhatsApp has patched a high-severity vulnerability in its iOS and macOS apps (CVE-2025-55177) that could allow an attacker to process content from an arbitrary URL on a target device, potentially in conjunction with a separate Apple zero-day. Affected versions include iOS and Mac apps; targeted individuals have been notified and advised to reset devices and…
-
TamperedChef information stealer emerges in malvertising campaign promoting AppSuite PDF Editor
Cybersecurity researchers have identified a malvertising campaign delivering a backdoored PDF editor, AppSuite PDF Editor, that drops a new information stealer dubbed TamperedChef. The operation leverages Windows Registry persistence, a C2-enabled backdoor, and widespread Google ad campaigns to maximize downloads.
-
Abandoned Sogou Zhuyin Update Server Hijacked to Deliver Espionage Malware, TAOTH Campaign Reveals
A June 2025 reveal shows attackers hijacking an abandoned Sogou Zhuyin update server to deploy multiple spyware and backdoors (TOSHIS, DESFY, GTELAM, C6DOOR) in a campaign targeting East Asia and overseas Chinese communities, with phishing and OAuth abuse used to gain access to high-value targets.
