-
Cybersecurity company Zscaler has confirmed it fell victim to a widespread supply-chain attack that exposed customer contact information through compromised Salesforce credentials linked to marketing platform Salesloft Drift. The breach, disclosed on August 31, 2025, stems from a larger campaign targeting Salesloft Drift’s OAuth tokens that has impacted over 700 organizations worldwide. Zscaler emphasized that […] The post Zscaler Confirms Data Breach – Hackers Compromised Salesforce Instance and Stole Customer Data appeared first on Cyber Security News.
-
macOS has long been recognized for its robust, integrated security stack, but cybercriminals are finding ways to weaponize these very defenses. Recent incidents show attackers exploit Keychain, SIP, TCC, Gatekeeper, File Quarantine, XProtect, and XProtect Remediator to stealthily deliver malicious payloads. Key Takeaways: 1. Abuse of macOS tools (Keychain, SIP, File Quarantine) for credential theft and […] The post Hackers Leverage Built-in MacOS Protection Features to Deploy Malware appeared first on Cyber Security News.
-
Attack Surface Management (ASM) is a proactive security discipline focused on continuously discovering, analyzing, and reducing an organization’s external-facing digital footprint. In 2025, with the proliferation of cloud services, remote work, and supply chain dependencies, an organization’s attack surface has grown exponentially. Top ASM solutions have evolved beyond simple asset inventory to provide AI-driven risk […] The post Top 10 Attack Surface Management Software Solutions In 2025 appeared first on Cyber Security News.
-
Google has issued a broad security alert to its 2.5 billion Gmail users, advising them to enhance their account security in the wake of a data breach involving one of the company’s third-party Salesforce systems. The incident, which occurred in June 2025, has escalated concerns over sophisticated phishing campaigns targeting a massive user base. In […] The post Google Warns 2.5B Gmail Users to Reset Passwords Following Salesforce Data Breach appeared first on Cyber Security News.
-
A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed. The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access user data. WhatsApp has since patched the vulnerability and has […] The post WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users appeared first on Cyber Security News.
-
Google has confirmed that a security breach involving the Salesloft Drift platform is more extensive than initially reported, potentially compromising all authentication tokens connected to the service. The new findings from the Google Threat Intelligence Group (GTIG) indicate that the incident, previously thought to be limited to Salesforce integrations, affects all third-party applications connected to […] The post Google Confirms Potential Compromise of All Salesloft Drift Customer Authentication Tokens appeared first on Cyber Security News.
-
TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which involved unauthorized access to data stored on a third-party application. On July 28, 2025, TransUnion […] The post TransUnion Hack Exposes 4M+ Customers Personal Information appeared first on Cyber Security News.
-
A sophisticated supply chain attack has compromised the popular Nx build platform, affecting millions of weekly downloads and resulting in widespread credential theft. The attack, dubbed “s1ngularity,” represents one of the most comprehensive credential harvesting campaigns targeting the developer ecosystem in 2025. GitGuardian observed that malicious actors infiltrated multiple Nx package versions (20.9.0 through 21.8.0) […] The post Nx Packages With Millions of Weekly Downloads Hacked With Credential Stealer Malware appeared first on Cyber Security News.
-
A sophisticated phishing campaign has been identified, where threat actors impersonate IT helpdesk personnel through Teams’ external communication features, exploiting the platform’s default configuration to bypass traditional email security measures and gain unauthorized screen-sharing and remote-control capabilities. The attacks leverage Teams’ external collaboration features, which are enabled by default in Microsoft 365 tenants, allowing attackers […] The post Hackers Exploit Microsoft Teams, Posing as IT Help Desk for Screen Sharing and Remote Access appeared first on Cyber Security News.
-
In a sophisticated campaign uncovered during a recent Advanced Continual Threat Hunt (ACTH) by Trustwave’s SpiderLabs team, threat actors weaponized a legitimate remote management tool, ScreenConnect, to deploy the Xworm Remote Access Trojan (RAT) through a deceptive, multi-stage infection chain. By abusing fake AI-themed content and manipulating digital signatures, the attackers bypassed Endpoint Detection and […] The post Weaponized ScreenConnect RMM Tool Tricks Users into Downloading Xworm RAT appeared first on Cyber Security News.


