
IT Security Newsletter - 9/8/2025

Top News

Salesloft Drift data breach: Investigation reveals how attackers got in

The attack that resulted in the Salesloft Drift data breach started with the compromise of the company's GitHub account, Salesloft confirmed this weekend. On August 26, the company publicly revealed that earlier that month, a threat actor exfiltrated data from their customers' Salesforce instances by leveraging stolen OAuth credentials that enable the integration of their Drift (Salesloft) chatbot with said instances. READ MORE...

Breaches

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack

Hackers used the secrets stolen in the recent Nx supply chain attack to make public over 6,700 private repositories, cybersecurity firm Wiz says. As part of the attack, dubbed s1ngularity, a threat actor used an NPM token for the Nx repository to publish eight malicious versions of the popular open source, technology-agnostic build platform. These malicious Nx iterations contained a post-install script designed to execute a malicious telemetry.js file on Linux and macOS systems. READ MORE...


Financial services firm Wealthsimple discloses data breach

Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. Founded in 2014 and headquartered in Toronto, the financial services firm holds over CAD$84.5 billion in assets (approximately $61 billion). It offers a wide range of financial products targeting investments, trading, cryptocurrency, tax filing, spending, and savings to over 3 million Canadians. READ MORE...

Hacking

Nexar dashcam video database hacked

A hacker cracked into a database of video recordings taken from Nexar-branded cameras, which are built to be placed in drivers' cars, according to a new report from 404 Media. Nexar is a dashcam company that promotes its products as "virtual CCTV cameras" and offers automatic cloud uploads of critical incidents, AI-driven insights, and real-time road alerts. It offers customers remote video streaming, live GPS tracking, and easy-to-share video-evidence. READ MORE...


Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure

A 30-year-old man has been charged with launching a cyberattack on the German subsidiary of Russia's state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia's invasion of Ukraine, crippled the company's operations and cost millions of euros in damages. According to investigators at the Federal Criminal Police Office (BKA), the attack saw approximately 20 terabytes of data stolen and then deleted from the business' computer systems. READ MORE...

Malware

The crazy, true story behind the first AI-powered ransomware

It all started as an idea for a research paper. Within a week, however, it nearly set the security industry on fire over what was believed to be the first-ever AI-powered ransomware. A group of New York University engineers who had been studying the newest, most sophisticated ransomware strains along with advances in large language models and AI decided to look at the intersection between the two and develop a proof-of-concept for a full-scale, AI-driven ransomware attack. READ MORE...

Information Security

Anyone Using Agentic AI Needs to Understand Toxic Flows

Today's business elite is breathless for agentic AI possibilities, as CEOs grasp artificial intelligence as an efficiency lifeline. Risks of functional failures aside - and they're most surely a big elephant in the room - security researchers are concerned about the emerging cyber resilience risks that all of these agentic deployments add to the risk register. Toxic flows are an emerging class of agentic AI risk that needs to be on the radars of executives, engineers, and security people alike. READ MORE...

Exploits/Vulnerabilities

iCloud Calendar abused to send phishing emails from Apple's servers

iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them more likely to bypass spam filters to land in targets' inboxes. Earlier this month, a reader shared an email with BleepingComputer that claimed to be a payment receipt for $599 charged against the recipient's PayPal account. This email included a phone number if the recipient wanted to discuss the payment or make changes to it. READ MORE...


Critical SAP S/4HANA Vulnerability Under Attack, Patch Now

A critical code injection vulnerability in SAP's S/4HANA ERP software that was first disclosed last month is now under exploitation in the wild. SAP previously disclosed and patched CVE-2025-42957, which affects both private cloud and on-premise S/4HANA instances. The flaw, which received a 9.9 CVSS score, allows attackers with low-privileged user access to inject SAP's ABAP code into a system to fully compromise it. READ MORE...

On This Date

  • ...in 1930, 3M begins marketing Scotch brand transparent tape.
  • ...in 1943, Gen. Dwight Eisenhower publicly announces the surrender of Italy to the Allies.
  • ...in 1966, the crew of the U.S.S. Enterprise takes off on its mission to "boldly go where no man has gone before," with the premiere of Star Trek.
  • ...in 1974, President Gerald Ford pardons Richard Nixon for any crimes he may have committed, following Nixon's resignation in the wake of the Watergate scandal.