Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Fast Facts Plex experienced a data breach where hackers stole customer email addresses, usernames, and securely hashed passwords, prompting a password reset warning. The company emphasizes that the accessed passwords were hashed securely, but the type of hashing algorithm remains undisclosed, raising concerns about potential cracking attempts. Plex advises users to reset passwords via their website, sign out of connected devices, and enable two-factor authentication for enhanced security, especially for SSO users. This incident marks the second similar breach for Plex since August 2022, highlighting ongoing security challenges despite the company’s efforts to address vulnerabilities. Key Challenge Plex, a popular…
Top Highlights Authorities uncovered 45 domains linked to Chinese espionage groups Salt Typhoon and UNC4841, with some dating back to May 2020, indicating long-term activity. These groups have historically targeted telecommunications and exploited vulnerabilities, including the CVE-2023-2868 flaw, with Salt Typhoon linked to China’s Ministry of State Security. Many domains utilized high-density IP addresses and fake registration details, such as a May 2020 domain registered by a persona claiming to be from Los Angeles. Organizations are advised to review DNS and IP logs from the past five years for these domains and related activity to detect potential espionage efforts. Key…
Top Highlights Qualys confirmed it was impacted by a supply chain attack via the Salesloft Drift platform, leading to unauthorized access to some Salesforce data through stolen OAuth tokens. The breach exclusively affected Salesforce contact and lead information, with no disruption to Qualys’s core infrastructure or customer data on the Cloud Platform. Qualys responded swiftly by disabling all Drift integrations and engaging Mandiant for an internal investigation, ensuring operational stability. Several major organizations — including Palo Alto Networks, Zscaler, Google, Cloudflare, PagerDuty, and Tenable — were also victims of this widespread campaign against Salesloft Drift. What’s the Problem? Qualys revealed…
Quick Takeaways Current AI tools for ransomware are limited to university labs, but there’s potential for real threat actors to develop practical versions. Such tools could democratize ransomware, making it accessible to less technically skilled criminals. Experts like Joseph Steinberg acknowledge that malicious AI capabilities are already evolving and could be exploited by cybercriminals. The advancement of AI in cybersecurity signals increasing risks of automation in malicious activities. What’s the Problem? The story highlights the emergence of a new concern in cybersecurity, where researchers at NYU have developed a proof-of-concept AI tool capable of aiding in ransomware activities, though currently…
Fast Facts Lovesac, a US-based furniture retailer, disclosed a cybersecurity breach where hackers accessed and stole personal data, including full names, affecting an undisclosed number of individuals. The breach occurred between February 12 and March 3, 2025, was discovered on February 28, 2025, and was remediated within three days, with no current evidence of data misuse. The RansomHub ransomware gang claimed responsibility for the attack, threatening to leak stolen data if unpaid, though it’s unclear if this threat was carried out. The company is offering impacted individuals free credit monitoring services through Experian and urges vigilance against phishing, amid ongoing…
Summary Points The US imposed sanctions on 19 entities and individuals in Burma and Cambodia linked to large-scale cyber scam hubs, targeting operations that exploit vulnerabilities of Americans online and generate over $10 billion in losses annually. These scam centers, often operating near the Burma-Thailand border, are linked to cash-intensive crimes like virtual currency investment scams, gambling, and drug trafficking, with key figures controlling property and organizations supporting these illicit activities. Victims are frequently coerced into participating through forced labor, debt bondage, violence, and threats, highlighting modern slavery issues intertwined with cybercrime in Southeast Asia. The sanctions aim to disrupt…
Fast Facts LunaLock is a sophisticated ransomware first observed in early September 2025, targeting freelance illustrators and digital artists through spear-phishing and credential theft. It employs a multi-stage deployment with modular architecture, including plugins for network propagation, credential theft, and evading endpoint detection, while exfiltrating stolen artwork before encryption. The malware encrypts source files (.PSD, .AI) with a ".lunalock" extension, demands Monero ransom, and uses techniques like disabling Windows Defender and dynamic API resolution to avoid detection. LunaLock achieves persistence via a hidden scheduled task “SysUpdate,” and confirms infection with C2 communication before encrypting network drives with AES-256, highlighting its…
Essential Insights All companies in Germany, regardless of size or sector, are vulnerable to cyberattacks, especially ransomware incidents in 2024 that caused operational disruptions, revenue losses, high recovery costs, and reputational damage. The misconception that small businesses are less targeted is false; every enterprise holds valuable data attractive to cybercriminals. Cyber threats persist into 2025, with numerous German firms already affected by breaches, emphasizing the ongoing risk landscape. Maintaining long-term cybersecurity measures alone may be insufficient; ongoing vigilance and updated defenses are crucial to protect against increasingly sophisticated attacks. Key Challenge In 2024, a multitude of German companies fell victim…
Fast Facts Salesloft attributes the root cause of its supply-chain attack to a threat group gaining access to its GitHub account as early as March, leading to extensive data theft across hundreds of organizations. The threat group, tracked as UNC6395 by Google, infiltrated Salesloft’s environment, downloaded content from repositories, added a guest user, and accessed Drift’s AWS environment to steal OAuth tokens over a month-long period. Key details remain undisclosed, including how the GitHub and AWS breaches occurred, raising concerns over the company’s security practices and transparency. Salesloft temporarily took Drift offline, rotated security keys, and is investigating ongoing impacts,…
Fast Facts Supply Chain Breach: A threat actor (UNC6395) compromised Salesloft’s GitHub account, leading to a significant supply chain breach affecting hundreds of Salesforce instances by stealing OAuth tokens from the Drift application. OAuth Abuse: The attack involved the retrieval of sensitive data from various Salesloft repositories, with stolen OAuth tokens potentially compromising not only Salesforce but other integrations as well. Widespread Impact: Numerous companies, including Zscaler and Cloudflare, reported that their Salesforce instances were breached, with sensitive internal data and API tokens being exposed during the attack. Security Response: Following the incident, Salesforce temporarily disabled all integrations with Salesloft,…