Collaborate Disseminate
In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps connected to Salesforce. “Our investigation indicates this activity may… Continue reading Salesforce investigates new incident echoing Salesloft Drift compromise
In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps connected to Salesforce. “Our investigation indicates this activity may… Continue reading Salesforce investigates new incident echoing Salesloft Drift compromise
There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user… Continue reading Security gap in Perplexity’s Comet browser exposed users to system-level attacks
A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. Multi-stage delivery Dubbed DigitStealer by Jamf researchers, this threat is u… Continue reading MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices
NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by attackers. “Active exploitation of CVE-2025-11001 has been observed in… Continue reading 7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001)
Attackers are actively exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time. About CVE-2025-58034 CVE-2025-58034 is an OS Command Injection flaw caused by improper neutralization… Continue reading Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)
A currently undisclosed issue has crippled Cloudflare’s network and has rendered a large swathe of internet’s most popular sites and services temporily inaccessible today. Some of the sites and services affected by the Cloudflare outage (So… Continue reading Internet slowly recovers after far-reaching Cloudflare outage
Google has shipped an emergency fix for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited in the wild by its Threat Analysis Group (TAG). About CVE-2025-13223 CVE-2025-13223 is a type confusion vulnerability in V8, the JavaScript a… Continue reading Google patches yet another exploited Chrome zero-day (CVE-2025-13223)
Logitech, the Swiss multinational electronics and technology company best known for marketing computer peripherals and hardware, has suffered a data breach. “While the investigation is ongoing, at this time Logitech believes that the unauthorized… Continue reading Logitech confirms data breach
US federal prosecutors have secured guilty pleas from five men who helped North Korean IT workers get hired by companies in the United States. This group of domestic facilitators helped a sanctioned government move money, slip past hiring checks, and p… Continue reading Five men admit helping North Korean IT workers infiltrate US companies