Hackers Abuse Compromised OAuth Tokens to Access and Steal Salesforce Corporate Data

Google Threat Intelligence Group (GTIG) has published an advisory about a widespread data theft operation targeting corporate Salesforce instances through the Drift integration. Beginning on August 8, 2025, UNC6395 leveraged valid access and refresh tokens associated with the Salesloft Drift application to … Read more

Google to verify all Android devs to block malware on Google Play

Google is introducing a new defense for Android called 'Developer Verification' to block malware installations from sideloaded apps sourced from outside the official Google Play app store. For apps on Google Play, there was already a requirement for publishers to provide a D-U-N-S (Data Universal Numbering System) number, introduced on August 31, 2023. Google says this has had a … Read more

New ZipLine Campaign Targets Critical Manufacturing Firms with In-Memory MixShell Malware

Check Point Research has uncovered a highly persistent phishing operation dubbed ZipLine, which reverses traditional attack vectors by exploiting victims' "Contact Us" web forms to initiate seemingly legitimate business communications. Primarily targeting US-based manufacturing companies in critical supply-chain sectors, the campaign … Read more

Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks

Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability. The CVE-2025-7775 flaw is a memory overflow bug that can lead to unauthenticated, remote code execution on vulnerable devices. In an advisory released today, Citrix states that … Read more

Silk Typhoon hackers hijack network captive portals in diplomat attacks

State-sponsored hackers linked to the Silk Typhoon activity cluster targeted diplomats by hijacking web traffic to redirect to a malware-serving website. The hackers used an advanced adversary-in-the-middle (AitM) technique to hijack the captive portal of the network and send the target to the first-stage malware. Google Threat Intelligence Group (GTIG) tracks the threat actor as UNC6384 and, based … Read more

APT36 Targets Indian BOSS Linux Using Weaponized .desktop Shortcut Files

Researchers have unveiled OneFlip, a new inference-time backdoor attack that compromises full-precision deep neural networks (DNNs) by flipping just one bit in the model weights, marking a significant escalation in the practicality of hardware-based attacks against AI systems. Unlike traditional backdoor methods that require … Read more

Farmers Insurance discloses a data breach impacting 1.1M customers

Farmers Insurance suffered a breach tied to Salesforce attacks, exposing data of 1.1M customers across its nationwide insurance network. Farmers Insurance disclosed a data breach affecting 1,071,172 customers, linked to the recent wave of Salesforce attacks, as per Bleeping Computer. The company is an American insurer … Read more

Threat Actors Leverage AI Agents to Conduct Social Engineering Attacks

The cybersecurity landscape is undergoing a paradigm shift as threat actors increasingly deploy agentic AI systems to orchestrate sophisticated social engineering attacks. Unlike reactive generative AI models that merely produce content such as deepfakes or phishing emails, agentic AI … Read more

Citrix fixed three NetScaler flaws, one of them actively exploited in the wild

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

Citrix addressed three vulnerabilities in NetScaler ADC and NetScaler Gateway, including one that has been actively exploited in the wild. Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it said has been actively … Read more

Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks

Update: Story updated with further information. Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. Salesloft's SalesDrift is a third-party platform that connects the Drift AI chat agent with a Salesforce instance, allowing organizations to sync … Read more