Tag: corporate
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
Shadow AI Discovery: A Critical Part of Enterprise AI Governance
The Harsh Truths of AI AdoptionMITs State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptions, over 90% of employees are actively using AI tools in their daily work. Similarly, research from Harmonic Security found that 45.4% of sensitive AI interactions are coming from personal email accounts, where…
-
Zscaler Customer Info Taken in Salesloft Breach
Zscaler has emerged as the latest corporate victim of a supply chain attack targeting Salesforce data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/zscaler-customer-info-taken/
-
Google Urges 2.5B Gmail Users to Reset Passwords After Salesforce Breach
A sophisticated voice phishing operation has emerged as a significant threat to organizations worldwide, with cybercriminals successfully infiltrating Salesforce environments to steal sensitive data and demand ransom payments. Google’s Threat Intelligence Group has identified this financially motivated campaign, designating the primary threat cluster as UNC6040, which has demonstrated alarming success in breaching corporate networks through…
-
Chinese hacking group Salt Typhoon expansion prompts multinational advisory
Tags: advisory, attack, authentication, breach, china, cisco, communications, container, corporate, country, cyber, data, exploit, firmware, flaw, government, group, hacking, infrastructure, intelligence, Internet, ivanti, malware, military, monitoring, network, password, router, service, software, technology, threat, update, vulnerability, zero-dayIvanti, Palo Alto Networks, Cisco flaws exploited: Salt Typhoon has been active since at least 2021, targeting critical infrastructure in telecom, transportation, government, and military bodies around the globe. Notably, a “cluster of activity” has been observed in the UK, according to the country’s National Cyber Security Centre.The group has had “considerable success” with “n-days,”…
-
Cybercrime increasingly moving beyond financial gains
Tags: attack, awareness, business, ciso, computer, corporate, cyber, cyberattack, cybercrime, cybersecurity, defense, disinformation, espionage, finance, government, group, hacker, hacking, incident response, infrastructure, intelligence, iran, malicious, military, network, ransom, ransomware, risk, risk-analysis, russia, strategy, theft, threat, tool, ukraine, vulnerability, wormsrcset=”https://b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?quality=50&strip=all 892w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=223%2C300&quality=50&strip=all 223w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=768%2C1033&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=761%2C1024&quality=50&strip=all 761w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=518%2C697&quality=50&strip=all 518w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=125%2C168&quality=50&strip=all 125w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=62%2C84&quality=50&strip=all 62w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=357%2C480&quality=50&strip=all 357w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=268%2C360&quality=50&strip=all 268w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=186%2C250&quality=50&strip=all 186w” width=”761″ height=”1024″ sizes=”auto, (max-width: 761px) 100vw, 761px”> Incibe. En la imagen, Patricia Alonso GarcÃa.”We are very redundant when talking about cybercrime, because we always associate it with economic motivations,” says Hervé Lambert, global consumer operations…
-
The CISO succession crisis: why companies have no plan and how to change that
The technical-to-strategic divide: One major obstacle keeping many mid-level security pros from becoming CISOs isn’t their tech skills, it’s learning to shift from doing hands-on security work to acting as strategic business partners. That change takes a whole new set of skills and a different way of thinking.”I think you see this with a lot…
-
Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius
A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/27/hundreds-of-salesforce-customer-orgs-hit-in-clever-attack-with-potentially-huge-blast-radius/
-
Hackers Abuse Compromised OAuth Tokens to Access and Steal Salesforce Corporate Data
Google Threat Intelligence Group (GTIG) has issued an advisory concerning a broad data theft operation targeting corporate Salesforce instances via the Drift integration. Beginning as early as August 8, 2025, UNC6395 leveraged valid access and refresh tokens associated with the Salesloft Drift app to connect as an authenticated connected app user, executing large-scale SOQL queries…
-
Behind the Coinbase breach: Bribery emerges as enterprise threat
Coinbase’s widely praised incident response: Coinbase’s transparency, firm stance against the ransom, quick remediation, and willingness to compensate its customers earned wide praise from cybersecurity professionals.According to Coinbase’s Martin, the hackers resorted to paying help desk workers in India precisely because the company had built such a robust security program. Bribery, according to Martin, was…
-
5 Enterprise VPN Solutions Every Business Should Know
Enterprise VPN provides an encrypted connection for remote users and sites to access corporate resources over the internet. Compare top VPN providers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/enterprise-vpn-solutions/
-
Fast-Spreading, Complex Phishing Campaign Installs RATs
Attackers not only steal credentials but also can maintain long-term, persistent access to corporate networks through the global campaign. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/fast-spreading-phishing-installs-rats
-
20-year-old Scattered Spider Member Sentenced to 10 Years in Prison
Noah Michael Urban, a 20-year-old Florida man, was sentenced for his role as a member of the notorious Scattered Spider threat group in a series of phishing and other scams between 2022 and 2023 in which they got victims’ credentials and used them to steal corporate information, customer data, and cryptocurrency. First seen on securityboulevard.com…
-
Featured Chrome extension FreeVPN.One caught capturing and transmitting user data
Tags: access, api, browser, ceo, chrome, corporate, credentials, data, data-breach, endpoint, finance, governance, healthcare, india, malicious, mobile, monitoring, privacy, risk, technology, threat, tool, vpn, vulnerability, vulnerability-managementUnmanaged extensions expose enterprises: Such incidents highlight how unmanaged browser extensions can act as covert data exfiltration channels, exposing sensitive corporate information. Enterprises usually deploy licensed, corporate-grade VPNs that are safe and accompanied by monitoring and access controls. But employees often install free VPN extensions for personal use.”This poses as a major threat to industries…
-
Copilot Kept Access Logs Unless You Told It Not To
Copilot Falls for Prompt Injection Yet Again. Microsoft quietly fixed a flaw that allowed users to instruct embedded artificial intelligence model Copilot not to log its access corporate files. If you work at an organization that used Copilot prior to Aug 18, there is a very real chance that your audit log is incomplete. First…
-
Side of Fries With That Bug? Hacker Finds Flaws in McDonald’s Staff, Partner Hubs
Exposure of APIs, sensitive data, and corporate documents are just some of the security issues that the purveyor of Big Macs was cooking up. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/hacker-finds-flaws-mcdonalds-staff-partner-hubs
-
Hacker Finds Flaws in McDonald’s Staff, Partner Hubs
Exposure of APIs, sensitive data, and corporate documents are just some of the security issues that the purveyor of Big Macs was cooking up. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/hacker-finds-flaws-mcdonalds-staff-partner-hubs
-
Scaly Wolf Unleashing Attacks to Expose Organizations’ Hidden Secrets
The Scaly Wolf advanced persistent threat (APT) gang has once again targeted a Russian engineering company in a sophisticated targeted attack that was discovered by Doctor Web’s analysts. This shows that the group is determined to obtain corporate secrets. This incident, occurring in mid-2025, echoes a similar assault in 2023, where the group employed modular…
-
Scaly Wolf Unleashing Attacks to Expose Organizations’ Hidden Secrets
The Scaly Wolf advanced persistent threat (APT) gang has once again targeted a Russian engineering company in a sophisticated targeted attack that was discovered by Doctor Web’s analysts. This shows that the group is determined to obtain corporate secrets. This incident, occurring in mid-2025, echoes a similar assault in 2023, where the group employed modular…
-
Scaly Wolf Unleashing Attacks to Expose Organizations’ Hidden Secrets
The Scaly Wolf advanced persistent threat (APT) gang has once again targeted a Russian engineering company in a sophisticated targeted attack that was discovered by Doctor Web’s analysts. This shows that the group is determined to obtain corporate secrets. This incident, occurring in mid-2025, echoes a similar assault in 2023, where the group employed modular…
-
Lenovo AI Chatbot Flaw Allows Remote Script Execution on Corporate Systems
Cybersecurity researchers have uncovered critical vulnerabilities in Lenovo’s AI-powered customer support chatbot that could allow attackers to execute malicious scripts on corporate systems and steal sensitive session data. The discovery highlights significant security gaps in enterprise AI implementations and raises concerns about the rapid deployment of AI systems without adequate security controls. Cybernews Researchers identified…
-
Flaw in Too-Trusting Lenovo Chatbot Could Have Let Hackers In
Using a single, carefully-crafted prompt, Cybernews researchers were able to manipulate Lenovo’s customer service AI chatbot, Lena, into giving up customer agent session cookies, which opened up the possibility of multiple lines of attack, from dropping backdoors and stealing to laterally moving through corporate networks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/flaw-in-too-trusting-lenovo-chatbot-could-have-let-hackers-in/
-
The Hidden Risks of External AI Models and How Businesses can Mitigate Them
As AI adoption accelerates, businesses face hidden risks from third-party models like ChatGPT and Claude, including data leakage and malicious data infiltration. By implementing corporate AI tools and educating employees, companies can harness generative AI’s benefits while safeguarding sensitive data, compliance, and trust. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/the-hidden-risks-of-external-ai-models-and-how-businesses-can-mitigate-them/
-
Intel Websites Compromised, Allowing Hackers Access to Employee and Confidential Data
A series of critical security flaws in Intel’s internal web infrastructure exposed the personal details of more than 270,000 employees and potentially provided attackers with access to sensitive corporate and supplier information. The discoveries highlight severe weaknesses across multiple Intel-owned websites, raising broader concerns about the company’s handling of web application security. According to security…