"You type your email address into a website form but never hit submit. Hours later, a marketing email shows up in your inbox. According to new research, that is not a coincidence."
TLP1 : Green
A phishing campaign delivering a new strain of malware, MostereRAT, has been uncovered by cybersecurity researchers. The Remote Access Trojan (RAT) targets Microsoft Windows systems and gives attackers complete control over compromised machines.
TLP1 : Green
A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. The flaw, tracked as CVE-2025-42957, is an ABAP code injection problem in an RFC-exposed function module of SAP S/4HANA, allowing low-privileged authentication users to inject arbitrary code, bypass authorization, and fully take over SAP.
Cloudflare has successfully mitigated the largest DDoS attack (or distributed denial-of-service attack) recorded to date. The attack peaked at 11.5 terabits per second and lasted roughly 35 seconds before being neutralised without disrupting services.
TLP1 : Green
Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week. The internet giant revealed on Tuesday that the attackers gained access to a Salesforce instance it uses for internal customer case management and customer support, which contained 104 Cloudflare API tokens.
Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. The company states that it was one of hundreds of companies affected by a supply-chain attack disclosed last week, in which threat actors abused the stolen authentication tokens to exfiltrate data.
"Scam calls have long been a problem for consumers and enterprises, but a new study suggests they may soon get an upgrade. Instead of a human scammer on the other end of the line, future calls could be run entirely by AI."
TLP1 : Green
"It is business as usual at National Public Data (NPD) despite the breach that exposed 3 billion Social Security numbers and the subsequent leak."
TLP1 : Green
"Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites."
TLP1 : Green
"Citizen Lab’s new report, Hidden Links, uncovers a network of VPN providers like Turbo VPN and VPN Monster that are controlled by a single company and use dangerous security practices, including hard-coded passwords and weak encryption."
TLP1 : Green
