Collaborate Disseminate
Malicious versions of at least 18 widely used npm packages were uploaded to the npm Registry on Monday, following the compromise of their maintainer’s account. “The packages were updated to contain a piece of code that would be executed on … Continue reading Fake npm 2FA reset email led to compromise of popular code packages
Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We believe the goal of this campaign was to gain initial access to organizations for t… Continue reading Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers
The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month… Continue reading Salesloft Drift data breach: Investigation reveals how attackers got in
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) has warned on Friday. Their alert seems… Continue reading Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)
AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Shaked Zychlinski has found. This novel approach allows attackers to inject prompts / instructions into t… Continue reading Stealthy attack serves poisoned web pages only to AI agents
Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the … Continue reading Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)
A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-5369… Continue reading Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)
Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 Cloudflare API tokens. “We have identified no suspicious activity assoc… Continue reading Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise
In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce insta… Continue reading Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach
A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Chec… Continue reading Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms