Mandiant
ShinyHunters flip the script on MFA in new data theft attacks
Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in …
WinRAR vulnerability still a go-to tool for hackers, Mandiant warns
State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that’s been fixed over half a year ago. …
AuraInspector: Open-source tool to audit Salesforce Aura access control misconfigurations
Google and its Mandiant threat intelligence unit have released AuraInspector, an open-source tool aimed at auditing data access paths in Salesforce Experience Cloud …
Gainsight breach: Salesforce details attack window, issues investigation guidance
The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of …
Salesforce Gainsight compromise: Early findings and customer guidance
In the wake of Salesforce’s announcement about “unusual activity involving Gainsight-published applications” and the company’s revocation of access and …
Salesforce investigates new incident echoing Salesloft Drift compromise
In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps …
Attackers exploited another Gladinet Triofox vulnerability (CVE-2025-12480)
Attackers have exploited yet another vulnerability (CVE-2025-12480) in the Gladinet Triofox secure file sharing and remote access platform, Mandiant revealed on Monday. …
SonicWall cloud backup hack was the work of a state actor
Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored …
Google introduces agentic threat intelligence for faster, conversational threat analysis
Security teams spend much of their day pulling data from reports, forums, and feeds, trying to connect clues across multiple sources. Google says that work can now happen …
F5 data breach: “Nation-state attackers” stole BIG-IP source code, vulnerability info
US tech company F5 has suffered a breach, and the attackers made off with source code of and vulnerability information related to its BIG-IP family of networking and security …
Attackers compromised ALL SonicWall firewall configuration backup files
The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, …
Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)
Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances. Whether the …
Featured news
Resources
Don't miss
- Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells
- Microsoft begins Secure Boot certificate update for Windows devices
- Microsoft Patch Tuesday: 6 exploited zero-days fixed in February 2026
- That “summarize with AI” button might be manipulating you
- Groupe Rocher CISO on strengthening a modern retail cybersecurity strategy