Month: August 2025

More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild. The vulnerability affects NetScaler ADC and NetScaler Gateway and the vendor addressed it in updates released yesterday. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Citrix, the security […]

Picture this scenario: Six months after celebrating their “zero trust transformation,” a financial services firm gets hit with a devastating breach. Attackers waltzed through a supply chain vulnerability in a third-party API, bypassing all those carefully configured identity controls . The firm ticked every checkbox and met every requirement – yet here they are, scrambling […]

Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. Salesloft’s SalesDrift is a third-party platform that connects the Drift AI chat agent with a Salesforce […]

Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday. The impact of the attack was first felt on Sunday morning, with the Governor’s Technology Office stating that a ‘network issue’ began around 1:52 AM PT, affecting […]

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system. The agency has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and has set the patch deadline for federal agencies to September 15th. Git version control system allows software development […]

By Eirik Salmi, System Analyst at Passwork Even though 88% of businesses spend over €1 million on GDPR compliance and 40% invest up to €10 million, 80% of their employees still ignore basic password security practices. The formal risk is obvious: GDPR fines can reach up to €20 million or 4% of global annual turnover. […]

Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI). This came in response to the Qilin ransomware group’s claims that they had stolen four terabytes of data from CBI, including 3D vehicle design models, internal reports, financial […]

U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks. Farmers Insurance is a U.S.-based insurer that provides auto, home, life, and business insurance products. It operates through a network of agents and subsidiaries, serving more than 10 […]

French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack. The company is sending data breach notifications to customers affected by the incident. “We are writing to inform you that Auchan has been the victim of a cyberattack. This attack […]