Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
Written by: Austin Larsen, Matt Lin, Tyler McLellan, Omar ElAhdan Update (August 28) Based on new information identified by GTIG, the scope of this compromis...
Aggregating 5182 articles from trusted cybersecurity sources
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes!
Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, teleco...
Written by: Marco Galli Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the "Frontline Bulletin" series brings you the latest...
Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining.
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the fu...
Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover.
Summary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S.
Written by: Stuart Carrera, Brian Meyer Executive Summary Broadcom's VMware vSphere product continues to be a top choice for private cloud virtualization, un...
Introduction In mid 2025, Google Threat Intelligence Group (GTIG) identified a sophisticated and aggressive cyber campaign targeting multiple industries, inc...
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open sou...
Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ...
Authorities said scammers previously exploited the feature by posting fake exam questions before the test and later replacing them with the real questions, m...
The digital health company said it learned of the breach on June 8 and the attackers demanded a ransom.
Opening a new social media account in the UK will soon mean proving you're over 16 with an ID upload or a facial age scan, under a government ban on under-16...
Novo Nordisk, the Danish pharmaceutical giant behind blockbuster weight-loss drugs Ozempic and Wegovy, has confirmed a cybersecurity breach involving unautho...
A data breach affecting the widely used K–12 student information system, Infinite Campus, has exposed the personal information of approximately 137,000 users...
Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients' personal and health information stored on third-party-h...
Maine is still allowing companies to report breaches, but won’t make the portal easily available to the public until after it completes an audit of its proce...
The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the we...
How the Anubis ransomware group stole and leaked an Italian Adriatic port authority's data
A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in No...
For the latest discoveries in cyber research for the week of 15th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Univer...
The US state of Maine has taken its public data breach notification portal offline after someone submitted fraudulent breach disclosures impersonating two we...