On September 12, 2025, the Federal Bureau of Investigation (FBI) issued a FLASH alert detailing the operations of two cybercriminal groups, UNC6040 and UNC6395, which are targeting Salesforce instances to exfiltrate data and extort organizations. This alert, intended for cybersecurity professionals (CERTs, SOC analysts, CISOs), outlines the initial access vectors, data exfiltration techniques, authentication bypass…
On September 9, 2025, Microsoft released security updates addressing over 80 vulnerabilities across Windows operating systems and related software (81 vulnerabilities were patched on this date). Notably, there were no actively exploited “zero-day” vulnerabilities in this month’s update bundle. However, two publicly disclosed vulnerabilities (zero-days) were fixed, meaning they were known to attackers or researchers…
Executive Summary The Russian state-sponsored threat group APT-C-53 (Gamaredon), active since 2013, continues its espionage operations against Ukrainian governmental and military institutions. In 2025, its campaigns have evolved to include dynamic migration of command-and-control (C2) infrastructures to legitimate cloud services (Microsoft Dev Tunnels, Cloudflare Workers) and the use of advanced obfuscation techniques to bypass detection.…
I want to alert you to a major security incident that is currently making waves in the JavaScript community. We are dealing with a software supply chain attack in the npm ecosystem: no fewer than 18 highly popular packages (including chalk and debug) were compromised through a hijacked maintainer account. As a result, malicious versions…
I propose an article on Scattered Spider, the name given by a security vendor (CrowdStrike) to a group of cybercriminals that has recently emerged in the cybercrime landscape. I tried to keep it short, but far too much information gets lost—happy reading. Scattered Spider is the name given by cybersecurity researchers (notably CrowdStrike) to a…
A recent supply-chain attack targeting Salesloft – the provider of a popular AI chatbot integrated with Salesforce – has compromised data from hundreds of companies. Tracked by Google as threat group UNC6395, the attackers stole OAuth access tokens for Salesloft’s Drift chatbot integration and used them between August 8 and August 18, 2025 to illicitly…
