InfoSec News 20250902

  • Published: Tue, 02/09/2025 - 16:32

Top News


  • Palo Alto Networks data breach exposes customer info, support cases

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. The company states that it was one of hundreds of companies affected by a supply-chain attack disclosed last week, in which threat actors abused the stolen authentication tokens to exfiltrate data.

Link

TLP¹: Green

  • Amazon disrupts Russian APT29 hackers targeting Microsoft 365

Researchers have disrupted an operation attributed to the Russian state-sponsored threat group Midnight Blizzard, which sought access to Microsoft 365 accounts and data. Also known as APT29, the hacker group compromised websites in a watering hole campaign to redirect selected targets "to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code authentication flow."

Link

TLP¹: Green

  • Jaguar Land Rover says cyberattack ‘severely disrupted’ production

Jaguar Land Rover (JLR) announced that a cyberattack forced the company to shut down certain systems as part of the mitigation effort. Although the incident appears to have a significant impact on the automaker's production and retail operations, the short statement published on the official website noted that customer data is most likely unaffected.

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • AI firm says its technology weaponised by hackers

US artificial intelligence (AI) company Anthropic says its technology has been "weaponised" by hackers to carry out sophisticated cyber attacks. Anthropic, which makes the chatbot Claude, says its tools were used by hackers "to commit large-scale theft and extortion of personal data".

Link

TLP¹: Green

  • Iran arrests eight suspected of spying for Israel’s Mossad in 12-day war

Iran has arrested eight people suspected of attempting to transmit to the Israeli intelligence agency Mossad the coordinates of sensitive sites and details about senior military figures during the country's 12-day war with Israel and the United States, according to its Islamic Revolutionary Guard Corps (IRGC).

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • Zscaler Customer Info Taken in Salesloft Breach

Zscaler has revealed itself as the latest corporate victim of a major supply chain campaign targeting Salesforce customer data. The security vendor said that OAuth tokens linked to the third-party Salesloft Drift application were stolen by an adversary, enabling them to access its Salesforce instance.

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • WhatsApp Patches Zero-Day, Zero-Click Flaw

WhatsApp has patched a critical zero-day vulnerability it believes was exploited in a sophisticated attack. The messaging giant revealed in a security advisory late last week that CVE-2025-55177 relates to “incomplete authorization of linked device synchronization messages.”

Link

TLP¹: Green

  • Lazarus Hackers Exploit 0-Day to Deploy Three Remote Access Trojans

Over the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup targeting financial and cryptocurrency firms. This actor overlaps with AppleJeus, Citrine Sleet, UNC4736 and Gleaming Pisces campaigns and leverages three distinct remote access trojans (RATs)—PondRAT, ThemeForestRAT and RemotePE—to infiltrate and control compromised systems.

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Pennsylvania AG Office says ransomware attack behind recent outage

The Office of the Pennsylvania Attorney General announced that a ransomware attack is behind the ongoing two-week service outage. In an official statement, Attorney General David W. Sunday Jr. said that the office refused to pay the attackers.

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems.

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp