IT Security Newsletter - 8/7/2025
How Google, Adidas, and more were breached in a Salesforce scam
At the heart of multiple data breaches against sophisticated and robust companies, including Google, Adidas, Louis Vuitton, and Chanel, was a rudimentary attack method that required little technical finesse: making a phone call. By disguising themselves as IT support personnel on the phone, hackers belonging to the group "ShinyHunters" successfully tricked the employees at several multinational corporations into handing over the data within their own Salesforce platforms.
Air France and KLM disclose data breaches impacting customers
Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers. Together with Transavia, Air France and KLM are part of Air France-KLM Group, a French-Dutch multinational airline holding company founded in 2004 and a major player in international air transport. With a fleet of 564 aircraft and 78,000 employees, Air France-KLM provides services to up to 300 destinations in 90 countries.
Chanel Alerts Clients of Third-Party Breach
Chanel, an over 100-year-old French luxury fashion house, announced in a letter to its clients that it fell victim to a data breach. According to the fashion giant, the breach was first detected on July 25 after threat actors gained access from a third-party service provider. "The data obtained by the unauthorized external party contained limited details of a subset of individuals who contacted our client care center in the U.S.," a spokesperson announced.
New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites
New variants of the HTTP request smuggling attack method impacted several widely used content delivery networks, major organizations, and millions of websites. James Kettle, director of research at application security firm PortSwigger, presented a new attack method on Wednesday at the Black Hat conference. Kettle has worked with several others, including a team of bug bounty hunters, to find impacted organizations and inform them about the risks.
New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations
A new post-exploitation command-and-control (C2) evasion method called 'Ghost Calls' abuses TURN servers used by conferencing apps like Zoom and Microsoft Teams to tunnel traffic through trusted infrastructure. Ghost Calls uses legitimate credentials, WebRTC, and custom tooling to bypass most existing defenses and anti-abuse measures, without relying on an exploit. This new tactic was presented by Praetorian's security researcher Adam Crosser at BlackHat USA.
Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC
Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fixes two critical vulnerabilities (CVE-2025-54253, CVE-2025-54254) with a publicly available proof-of-concept (PoC) exploit. Details about the flaws have been public for days, and attackers may soon try their hand at exploiting them. Searchlight Cyber's Research Team found three critical vulnerabilities in Adobe Experience Manager Forms earlier this year.
Here's how deepfake vishing attacks work, and why they can be hard to detect
By now, you've likely heard of fraudulent calls that use AI to clone the voices of people the call recipient knows. Often, the result is what sounds like a grandchild, CEO, or work colleague you've known for years reporting an urgent matter requiring immediate action, saying to wire money, divulge login credentials, or visit a malicious website. Researchers have been warning of the threat for years, with CISA saying in 2023 that threats from deepfakes have increased "exponentially."
Researchers design "promptware" attack with Google Calendar to turn Gemini evil
Generative AI systems have proliferated across the technology industry over the last several years to such a degree that it can be hard to avoid using them. Google and other big names in AI spend a lot of time talking about AI safety, but the ever-evolving capabilities of AI have also led to a changing landscape of malware threats. Using simple calendar appointments, this team managed to trick Gemini into manipulating Google smart home devices.
Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment
Microsoft on Wednesday informed organizations about a high-severity vulnerability affecting hybrid deployments of Exchange Server. According to Microsoft, the vulnerability, tracked as CVE-2025-53786, can be exploited by an attacker to escalate privileges. "In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment," Microsoft explained.
- ...in 1944, IBM dedicates the first program-controlled calculator.
- ...in 1959, from the Atlantic Missile Range in Cape Canaveral, Florida, the U.S. unmanned spacecraft Explorer 6 is launched into an orbit around the Earth.
- ...in 1975, actress Charlize Theron ("Monster", "Mad Max: Fury Road") is born in Benoni, South Africa.
- ...in 1990, President George H.W. Bush orders the organization of Operation Desert Shield in response to Iraq's invasion of Kuwait on August 2.