Hackers steal data from Salesforce instances in widespread campaign
Hackers stole user credentials from Salesforce customers in a widespread campaign earlier this month, according to researchers at Google Threat Intelligence Group, who warned that…
Month: August 2025
Researchers flag code that uses AI systems to carry out ransomware attacks
Researchers at cybersecurity firm ESET claim to have identified the first piece of AI-powered ransomware in the wild. The malware, called PromptLock, essentially functions as…
Threat Actors Leverage AI Agents to Conduct Social Engineering Attacks
Cybersecurity landscapes are undergoing a paradigm shift as threat actors increasingly deploy agentic AI systems to orchestrate sophisticated social engineering attacks. Unlike reactive generative AI…
Exetel fined $694k over system ‘vulnerability’ in mobile number porting
Exetel has been penalised $694,000 after scammers were able to port mobile numbers to the telco and use them to steal hundreds of thousands of…
The Third Limitation to Creativity
I just wrote a new piece about the two primary limitations to creativity. You should check it out. But after finishing it I realized there…
Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent
Google Threat Intelligence Group warned about a “widespread data theft campaign” that compromised hundreds of Salesforce customers over a 10-day span earlier this month. According…
Google to Add New Layer of Developer Verification to Distribute Apps on Play Store
Android’s open ecosystem has been both its greatest strength and a persistent security challenge. While sideloading offers developers and users unparalleled freedom, it has also…
Citrix fixed three NetScaler flaws, one of them actively exploited in the wild
Citrix fixed three NetScaler flaws, one of them actively exploited in the wild Pierluigi Paganini August 26, 2025 Citrix addressed three vulnerabilities in NetScaler ADC…
MCPs are just other people’s prompts and other people’s APIs
I’ve been thinking about Model Context Protocols (MCPs) for months, and here’s the simplest way to explain what they actually are: MCPs are other people’s…
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments…
CISA Adds Citrix Vulnerabilities To KEV As New Flaws Emerge
The U.S. Cybersecurity and Information Security Agency (CISA) has added two Citrix vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog just as new Citrix vulnerabilities…
New Attack Targeting ScreenConnect Cloud Administrators to Steal Login Credentials
A sophisticated credential harvesting campaign has emerged targeting ScreenConnect cloud administrators with spear phishing attacks designed to steal super administrator credentials. The ongoing operation, designated…