A severe vulnerability in Windows Defender’s update process allows attackers with administrator privileges to disable the security service and manipulate its core files. The technique,…
Rebecca Slaughter’s return-to-work orders have been put on hold for the second time this year, after the U.S. Supreme Court stepped in to block a…
In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads…
A critical security vulnerability has been discovered in Progress OpenEdge, a platform for developing and deploying business applications. The flaw, identified as CVE-2025-7388, allows for…
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked to hijack crypto wallets via injected code.…
Sep 08, 2025Ravie LakshmananSupply Chain Attack / API Security Salesloft has revealed that the data breach linked to its Drift application started with the compromise…
Qualys has confirmed it was impacted by a widespread supply chain attack that targeted the Salesloft Drift marketing platform, resulting in unauthorized access to a…
This week on the Lock and Code podcast… In the late 2010s, a group of sheriffs out of Pasco County, Florida, believed they could predict…
Salesloft said it has restored the integration between its Drift platform and Salesforce after an investigation by Mandiant linked an August supply chain attack to…
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft…
A massive data breach in early September 2025 attributed to a cyber actor known simply as “Kim” laid bare an unprecedented view into the operational…
A critical zero-day vulnerability (CVE-2025-53690) is being actively exploited in Sitecore. This flaw, originating from old, insecure keys, allows hackers to achieve Remote Code Execution…
