credentials
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira …
Salesloft Drift data breach: Investigation reveals how attackers got in
The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain …
Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise
Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 …
Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius
A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those …
Why stolen credentials remain cybercriminals’ tool of choice
It’s often the case that the simplest tools have the longest staying power, because they ultimately get the job done. Take duct tape, for example: it’s a sturdy household …
SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit
Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, …
Product showcase: Enzoic for Active Directory
Enzoic for Active Directory is an easy-to-install plugin that integrates with Microsoft Active Directory (AD) to set, monitor, and remediate unsafe passwords and credentials. …
Researchers unearth keyloggers on Outlook login pages
Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the …
AI and automation shift the cybersecurity balance toward attackers
Threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders, according to Fortinet.
What’s worth automating in cyber hygiene, and what’s not
Cyber hygiene sounds simple. Patch your systems, remove old accounts, update your software. But for large organizations, this gets messy fast. Systems number in the thousands. …
Is your email or password among the 240+ million compromised by infostealers?
For the second time since the start of 2025, a huge number of login credentials extracted from infostealer logs has been added to the database powering the HaveIBeenPwned …
6 considerations for 2025 cybersecurity investment decisions
Cybersecurity professionals may be concerned about the constantly shifting threat landscape. From the increased use of artificial intelligence (AI) by malicious actors to the …
Featured news
Resources
Don't miss
- Google fixes actively exploited Chrome zero-day vulnerability (CVE-2025-10585)
- LinkedIn now uses your data for AI by default, opt out now!
- Behind the scenes of cURL with its founder: Releases, updates, and security
- Product showcase: Exaforce – The full lifecycle AI SOC platform
- AI made crypto scams far more dangerous