Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Top Highlights
- Inc. 5000 Recognition: ATX Defense ranked No. 1779 on the 2025 Inc. 5000 list, marking its first appearance among the fastest-growing private companies with a growth rate exceeding 245% over three years.
- CMMC Solution for Compliance: The company specializes in providing tailored Cybersecurity Maturity Model Certification (CMMC) solutions, helping small and mid-sized businesses achieve compliance efficiently and affordably.
- Regional and Sector Success: In addition to its national ranking, ATX Defense secured No. 187 in Texas, No. 50 in the Austin area, and No. 60 among government services firms.
- Entrepreneurial Resilience: The recognition emphasizes the resilience of businesses like…
Fast Facts
- In August 2025, attackers used Velociraptor, an open-source digital forensics tool, to download and run malicious software, including Visual Studio Code configured to establish remote access to a command-and-control server, aiming to facilitate ransomware deployment.
- The threat actor exploited the Windows msiexec utility to download malicious installers from attacker-controlled Cloudflare Workers domains, which contained Velociraptor and additional malware like Radmin, facilitating stealthy network access.
- Visual Studio Code was installed as a service with its tunnel feature enabled, triggering security alerts that allowed for rapid incident response, which likely prevented the attacker from completing their malicious objectives.
- Organizations should…
Top Highlights
- New Partnership: Climb Channel Solutions partners with Coro to offer scalable and comprehensive cybersecurity solutions for channel partners amid rising cyber threats.
- Unified Security Platform: Coro’s all-in-one cybersecurity platform protects against various risks such as email threats, endpoint breaches, and data loss, streamlining protection for SMBs and distributed enterprises.
- Channel-First Strategy: Both companies emphasize growth and efficiency, with Coro’s CEO highlighting the partnership’s potential to simplify cybersecurity management for partners.
- Commitment to Innovation: Climb strengthens its position in the cybersecurity distribution sector, enhancing its offerings to ensure partners can protect customers effectively and expand their business.
Strategic Collaboration…
Essential Insights
- Cybercriminals are using a sophisticated social engineering campaign, called ZipLine, that targets manufacturing supply chains by engaging employees through fake contact forms, leading to in-memory malware delivery via weaponized ZIP files.
- The campaign emphasizes trust, avoiding scare tactics and instead building multi-week, credible communications, often involving fake NDAs and AI-themed lures, to secretly deploy malware like MixShell with stealthy, multi-stage payloads.
- Attackers abuse legitimate services like Heroku for hosting malicious files, using multi-layered techniques such as DNS tunneling, in-memory execution, and anti-debugging, to avoid detection and maintain persistence across targeted networks.
- The campaign threatens critical industries worldwide by…
Quick Takeaways
- FedRAMP High Authorization: Cyera initiates the FedRAMP High authorization process to enhance protection for sensitive government data and support AI adoption in federal agencies.
- Commitment to Compliance: By pursuing FedRAMP High status, Cyera demonstrates dedication to meeting rigorous compliance standards necessary for secure, AI-driven operations.
- Collaboration with Coalfire: Cyera partners with Coalfire, an experienced cybersecurity advisory firm, to ensure successful FedRAMP assessments and bolstered data security solutions.
- Growing AI Adoption: The number of federal agencies using AI has more than doubled since 2023, emphasizing the critical need for robust data security as the technology becomes integral to operations.
Cyera’s Bold Step…
Fast Facts
- A sophisticated spear phishing campaign, MCTO3030, has targeted ScreenConnect cloud admins since 2022, using low-volume email strategies and convincing domains to evade detection.
- Attackers exploit Amazon SES to send authentic-looking phishing emails, prompting victims to click “Review Security,” which leads to impersonation sites mimicking legitimate ScreenConnect login pages.
- The campaign employs advanced adversary-in-the-middle techniques with EvilGinx, intercepting credentials and MFA tokens in real time, allowing persistent access despite multi-factor authentication defenses.
- Harvested super admin credentials serve as entry points for subsequent ransomware attacks, notably linked to Qilin ransomware, facilitating widespread malicious deployment across multiple endpoints.
What’s the Problem? A…
Fast Facts
- Leadership Appointment: Bob Layton has been appointed as Apptega’s Chief Revenue Officer to drive the company’s go-to-market strategy and boost partner engagement.
- Strategic Focus: Layton aims to enhance Apptega’s Security, Risk, and Compliance Management solutions for various security providers, emphasizing managed compliance services to improve recurring revenue.
- Market Insights: Apptega’s report revealed 75% of security providers missed revenue targets in 2024, highlighting a strong demand for managed compliance to differentiate in a competitive landscape.
- Experienced Background: Layton brings over 20 years of expertise in sales and channel development from leadership roles in multiple tech companies, reinforcing Apptega’s commitment…
Top Highlights
- Credential Theft: Hackers compromised user credentials from over 700 Salesforce customers using stolen OAuth tokens linked to Salesloft’s Drift AI chat agent, primarily targeting sensitive access information.
- Attack Automation: The threat actor UNC6395 automated data theft with a Python tool, ensuring broad access without exploiting any vulnerabilities within Salesforce itself.
- Preemptive Measures: Following the breaches, Salesloft and Salesforce acted by revoking access tokens and issuing alerts for Drift administrators to reauthenticate their Salesforce connections to mitigate further risks.
- Security Recommendations: Organizations using Drift in Salesforce instances should consider their data compromised and take immediate action by revoking API…
Fast Facts
- Google Threat Intelligence Group warns of a widespread data theft campaign by UNC6395, compromising over 700 organizations through a 10-day attack targeting Salesforce customers.
- Attackers used stolen OAuth tokens from Salesloft Drift to automate large-scale data exfiltration, mainly seeking credentials for AWS, Snowflake, and VPNs.
- The breach was contained after Salesloft and Salesforce revoked access on August 20, with impacted customers advised to search for and remediate compromised data.
- The attack demonstrated a high level of operational discipline and scale, exploiting OAuth token vulnerabilities and cloud integrations, with suspect origins still unknown.
Underlying Problem
A threat group called…
Top Highlights
- Security Incident: Farmers Insurance and its affiliates reported a breach due to a third-party vendor, affecting over 1 million customers on May 29, discovered the following day.
- Unauthorized Access: The breach involved unauthorized access to a vendor’s database, detected by monitoring tools that allowed for immediate containment.
- Investigation Results: An investigation revealed that some personal information of customers was compromised, though specific details were not disclosed.
- Support for Affected Customers: Farmers Insurance will offer two years of free identity monitoring services to impacted individuals, though the company is unaware of any misuse of the compromised information.
As a technology…