Cybersecurity Articles

321/68 Thursday, September 4, 2025 Cloudflare has revealed that it successfully mitigated the largest DDoS (Distributed Denial of Service) attack ever recorded, which peaked at 11.5 terabits per second (Tbps). The attack, primarily a UDP flood originating mostly from Google Cloud, was part of a prolonged campaign spanning several weeks. In addition, Cloudflare blocked hundreds […]

320/68 Wednesday, September 3, 2025 Cybersecurity firm Zscaler has issued a statement confirming a data breach after attackers gained access to the company’s Salesforce instance and stole customer information stored in support cases. The incident was linked to the compromise of Salesloft Drift, an AI chat agent integrated with Salesforce, which was exploited as a […]

319/68 Wednesday, September 3, 2025 Cybersecurity researchers have warned of a recent shift in threats targeting the Android operating system. Traditionally, dropper malware-whose main role is to deliver other malware—has been widely used to spread banking trojans designed to steal financial data. However, attackers are now increasingly deploying simpler payloads, such as SMS stealers and […]

318/68 Tuesday, September 2, 2025 Amazon has disclosed that it successfully intercepted a watering hole attack campaign carried out by APT29, a Russian-linked hacking group also known as SVR, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes. The group leveraged compromised websites to redirect users to malicious infrastructure designed to trick victims into entering […]

317/68 Tuesday, September 2, 2025 Cybersecurity researchers from Bitdefender have discovered a fake advertising campaign using Meta’s platform to promote a free TradingView Premium app for Android, which in reality is the Brokewell malware designed to steal data and remotely control devices. The campaign, which began on July 22, involved over 75 ad variations tailored […]

316/68 Monday, September 1, 2025 WhatsApp has issued a security patch addressing CVE-2025-55177 (CVSS 5.4), which has been actively exploited in the wild in conjunction with Apple’s zero-day vulnerability CVE-2025-43300. The flaw stems from insufficient authorization in the Linked Device Synchronization process, which could allow attackers to force unauthorized URL content to be processed on […]

315/68 Monday, September 1, 2025 Researchers from Bitdefender Labs have issued a warning about a malicious advertising (malvertising) campaign on Facebook that tricks Android users into downloading the Brokewell spyware, disguised as ads from TradingView, a popular market analysis platform. Instead of indiscriminately targeting random users, the campaign carefully selected victims through Facebook’s ad system. […]

314/68 Friday, August 29, 2025 Researchers from Google Threat Intelligence Group (GTIG) and Mandiant have uncovered a large-scale campaign targeting the sales automation platform Salesloft to steal OAuth and refresh tokens linked to the Drift AI Chat Agent. The threat actor group UNC6395 leveraged this vector to extract data from the Salesforce systems of multiple […]

313/68 Friday, August 29, 2025 Cybersecurity agencies from the United States and the United Kingdom, along with partners from over 12 other countries, have revealed the connection of a global hacking operation known as Salt Typhoon to three Chinese technology companies: Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., and Sichuan […]

312/68 Thursday, August 28, 2025 Citrix has released security patches to address three vulnerabilities affecting NetScaler ADC and NetScaler Gateway: CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424. Notably, CVE-2025-7775 has already been confirmed as actively exploited on unpatched devices. Vulnerability Details: Recommended Action The Cloud Software Group strongly advises all users to update to the secure versions as […]