Author: Staff Writer

Essential Insights Zscaler was targeted in a major supply-chain attack via compromised Salesforce OAuth tokens linked to Salesloft Drift, impacting over 700 organizations globally. The breach, attributed to threat actor UNC6395, allowed hackers to bypass multi-factor authentication and extract contact information without affecting Zscaler’s core security infrastructure. The compromised data included business contacts, job titles, and Salesforce content, but there is no evidence of data misuse so far. The incident highlights vulnerabilities in SaaS-to-SaaS integrations, urging organizations to tighten permissions, monitor for suspicious activities, and remain vigilant against social engineering. The Core Issue In August 2025, the cybersecurity firm Zscaler…

Top Highlights SIEMs Have Failed: Once effective for log management, SIEMs now generate excessive alerts and costs without improving security outcomes, leading to alert fatigue and SOC burnout. Cost and Complexity: SIEM pricing models based on data volume exacerbate budgetary pressures, causing many organizations to limit log ingestion and weaken their visibility. Outdated Detection Mechanisms: Correlation rules become obsolete due to fast-evolving attack techniques, resulting in a surge of irrelevant alerts that burden analysts. Emerging Solutions: New cloud-native technologies are reshaping security operations, offering scalable log management and efficient automated threat detection, positioning SOCs for a more proactive future. The…

Top Highlights A hacker group called “Scattered LapSus Hunters” has issued an ultimatum to Google, demanding the termination of two employees or face releasing the company’s databases. The group claims inclusion of members from known hacking communities but has not provided evidence of accessing Google’s internal data or confirmed breaches. The threat follows a previous incident where ShinyHunters, allegedly part of the coalition, compromised Salesforce data, a third-party vendor for Google. If true, the alliance of groups like Scattered Spider and LapSus signals a dangerous escalation in cyber threats, potentially challenging major corporations’ security defenses. What’s the Problem? A self-described…

Essential Insights Zscaler experienced a data breach after threat actors exploited a supply-chain attack involving its Salesforce instance, leading to exposure of customer data, support case content, and licensing info. The attack was linked to the compromise of Salesloft Drift credentials, enabling unauthorized access to Salesforce environments and exfiltration of sensitive customer information. Google Threat Intelligence identified a threat actor, UNC6395, responsible for stealing authentication tokens and targeting sensitive credentials across multiple organizations, including Google Workspace and Salesforce. Affected services, including Drift Salesforce and Email integrations, have been temporarily disabled by Google and Salesforce as investigations continue, amid ongoing social…

Fast Facts Rising Threat Landscape: Over 80% of security incidents now arise from web applications, with the Scattered Spider group uniquely targeting browser environments to steal sensitive user data. Advanced Attack Techniques: Scattered Spider employs sophisticated methods, such as Browser-in-the-Browser overlays and session token theft, to bypass traditional security measures like Multi-Factor Authentication. Strategic Defense Recommendations: CISOs are urged to implement a multi-layered browser security strategy, including runtime script protection, extension governance, and contextual security policies to mitigate risks. Importance of Integration and Education: Integrating browser telemetry into existing security frameworks enhances incident response capabilities, while continuous team education on…

Fast Facts Cybersecurity increasingly relies on understanding how small, interconnected vulnerabilities—like unpatched software or misused accounts—combine into major risks, emphasizing the importance of holistic defense. Recent threats include actively exploited vulnerabilities in WhatsApp, critical Docker flaws, and targeted campaigns using contact forms, phishing, and AI-assisted cybercrimes to breach critical sectors and steal data. State-sponsored hackers and sophisticated ransomware groups are evolving tactics, exploiting cloud environments, hijacking network hardware, and using AI to automate large-scale cyberattacks and data theft. Effective security requires proactive measures such as rapid patching, rigorous testing of AI and MCP systems, secure configurations, monitoring, and understanding emerging…

Summary Points Cybercriminals are registering numerous fake domains related to the 2026 FIFA World Cup, often years in advance, to launch credential harvesting, malware distribution, and financial theft campaigns. These domains, distributed across major registrars and using aged or low-cost TLDs, mimic legitimate sites and leverage event-related terms to deceive fans. Malicious websites deploy advanced infection techniques, including JavaScript-delivered payloads, polymorphic loaders, and memory-injected malware, to evade detection and maintain persistence. Ongoing threat activity emphasizes the need for vigilant domain monitoring and proactive cybersecurity measures to protect against sophisticated, long-term cyberattacks tied to major sporting events. Underlying Problem Security researchers…

Fast Facts Cybercriminals are exploiting Windows Defender Application Control (WDAC) to disable Endpoint Detection and Response (EDR) systems at startup, creating significant security gaps. Threat actors, including groups like Black Basta, have adapted a proof-of-concept tool, “Krueger,” into sophisticated malware such as “DreamDemon” to bypass security defenses. These attacks involve deploying malicious WDAC policies that block EDR components by manipulating system files and executing tactics like file hiding and timestomping, often leveraging Group Policy integration. Despite awareness and detection methods, defenses remain insufficient nine months after the initial discovery, leaving critical security systems vulnerable to ongoing exploitation. The Core Issue…

Summary Points Proper restructuring and management of Non-Human Identities (NHIs) are vital for reducing security risks, ensuring regulatory compliance, and enhancing operational efficiency in cloud environments. NHIs restructuring involves a thorough review of identities, secrets, permissions, and their purpose, establishing a secure foundation for monitoring and controlling cloud assets. Effective NHI management strengthens cybersecurity, improves visibility, aids in breach detection, and supports compliance with standards like GDPR and HIPAA. Strategic NHI restructuring acts as a proactive measure, building resilient, future-ready cloud systems that safeguard data, mitigate threats, and reinforce overall cybersecurity posture. The Issue The article reports on the critical…

Top Highlights Controlling Secrets Sprawl—dispersed sensitive data like keys, passwords, and tokens—is essential to reducing cybersecurity risks, preventing breaches, and ensuring compliance. Effective management involves discovering, classifying, monitoring secrets, automating their rotation, and decommissioning unused Non-Human Identities (NHIs) to minimize vulnerabilities. Benefits of Secrets Sprawl control include enhanced security, cost savings, increased operational efficiency, and improved visibility and governance over digital assets. As cloud adoption accelerates, managing secrets and NHIs becomes increasingly critical, making comprehensive control strategies vital for future-proof cybersecurity resilience. The Issue The article reports on the escalating risks associated with Secrets Sprawl—a phenomenon where sensitive information like…