Tag: supply-chain
-
Zscaler, Palo Alto Networks Breached via Salesloft Drift
Two major security firms suffered downstream compromises as part of a large-scale supply chain attack involving Salesloft Drift, a marketing SaaS application from Salesforce. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/zscaler-palo-alto-networks-breached-salesloft-drift
-
Palo Alto Networks, Zscaler customers impacted by supply chain attacks
A hacking campaign using credentials linked to Salesloft Drift has impacted a growing number of companies, including downstream customers of leading cybersecurity firms. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/palo-alto-networks-zscaler-supply-chain-attacks/758990/
-
Palo Alto Networks discloses a data breach linked to Salesloft Drift incident
Palo Alto Networks hit by Drift-linked supply-chain attack, exposing Salesforce customer data and support cases via stolen OAuth tokens. Palo Alto Networks is another victim of the Salesloft Drift incident, which allowed attackers to access its Salesforce account, as per BleepingComputer. The company discloses a breach after attackers used stolen OAuth tokens from Salesloft Drift,…
-
Palo Alto Networks Confirms Data Breach via Compromised Salesforce Instances
Cybersecurity vendor Palo Alto Networks disclosed that its Salesforce environment was breached through a compromised Salesloft Drift integration, marking the latest in a series of supply chain attacks targeting customer relationship management platforms. According to a statement from Palo Alto Networks, Salesloft’s Drift application, used by hundreds of organizations to streamline sales engagement, suffered an…
-
Zscaler Customer Info Taken in Salesloft Breach
Zscaler has emerged as the latest corporate victim of a supply chain attack targeting Salesforce data. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/zscaler-customer-info-taken/
-
Agentic AI: A CISO’s security nightmare in the making?
Tags: access, ai, antivirus, api, attack, automation, ciso, compliance, cybersecurity, data, defense, detection, email, endpoint, exploit, framework, governance, law, leak, malicious, malware, open-source, privacy, risk, service, strategy, supply-chain, tool, vulnerability
Free agents: Autonomy breeds increased risks: Agentic AI introduces the ability to make independent decisions and act without human oversight. This capability presents its own cybersecurity risk by potentially leaving organizations vulnerable. “Agentic AI systems are goal-driven and capable of making decisions without direct human approval,” Joyce says. “When objectives are poorly scoped or ambiguous, agents…
-
Complexity and AI put identity protection to the test
Identity has become a core pillar of cybersecurity strategy. Remote work, cloud-first adoption, and distributed supply chains have moved identity from “a tactical IT … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/02/cisco-duo-identity-security-2025-report/
-
Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info
Zscaler breach tied to Salesloft Drift attack exposed Salesforce data, leaking customer info and support case details in a supply-chain compromise. Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat…
-
Top 10 Cybersecurity Companies in United States (2025 Ranking)
Cyberattacks in the United States aren’t slowing down. From billion-dollar ransomware hits to stealthy supply chain breaches, every month brings a new headline. And the cost is staggering. The average… The post Top 10 Cybersecurity Companies in United States (2025 Ranking) appeared first on Strobes Security. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/09/top-10-cybersecurity-companies-in-united-states-2025-ranking/
-
Attacks on the npm supply chain endanger development environments
Tags: ai, api, browser, bug, chrome, cloud, computer, control, cyberattack, data-breach, github, malware, software, supply-chain, tool
Attacks on the Nx build system and React packages show that the threats to software development in enterprises keep growing. A sophisticated supply chain attack has compromised the widely used developer tool Nx build system package, which is installed and used via the Node Package Manager (npm). As a result, numerous developer credentials were exposed. According to a new report from the security company Wiz, in this campaign…
-
Women cyber leaders are on the rise, and paying it forward
Tags: ciso, cloud, cyber, cybersecurity, data, defense, finance, google, group, insurance, international, jobs, lessons-learned, network, office, privacy, risk, service, skills, software, strategy, supply-chain, technology
Carol Lee Hobson, CISO, PayNearMe. Still, companies could be doing more to bring women into cybersecurity positions, says Lauren Winchester, vice president of cyber risk services at Travelers. “Women make up more than half of the population yet represent roughly 20% of the cybersecurity workforce. While the number of women in cyber has increased over the…
-
Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware
A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants, according to StepSecurity. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/npm-package-hijacked-ai-malware/
-
Popular Nx Packages Compromised by Credential-Stealing Malware
A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials and demonstrating a frighteningly comprehensive approach to future threats. Security researchers have confirmed that malicious versions of Nx, numbered 20.9.0 through 21.8.0, systematically scanned infected machines for a broad range of secrets before exfiltrating them…
-
1,000+ Devs Lose Their Secrets to an AI-Powered Stealer
One of the most sophisticated supply chain attacks to date caused immense amounts of data to leak to the Web in a matter of hours. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/1000-devs-lose-secrets-ai-powered-stealer
-
Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names
Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named “ahbanC.shiba” that functioned similarly to two other extensions ahban.shiba and ahban.cychelloworld First seen on thehackernews.com…
-
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted… First seen on hackread.com Jump to article: hackread.com/developer-credentials-stolen-macos-s1ngularity-attack/
-
Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other auxiliary plugins with data-gathering capabilities. “Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the…
-
KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge
Tags: ai, attack, credentials, cyber, cybersecurity, finance, risk, risk-management, supply-chain, theft, threat, vulnerability
KnowBe4, the human risk management cybersecurity platform, has released its latest research paper “Financial Sector Threats Report,
-
DOE Still Blind to Its Own Software Supply Chain Risks
IG Report Flags Widespread Gaps in DOE’s Software Supply Chain Security. An audit of the Department of Energy found failures in supply chain risk practices, with multiple contractor sites lacking basic policies, verification mechanisms and visibility into the actual software running on critical systems. Three locations lacked formal policies. First seen on govinfosecurity.com Jump to…
-
Nx NPM packages poisoned in AI-assisted supply chain attack
Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon. First seen on theregister.com Jump to article: www.theregister.com/2025/08/27/nx_npm_supply_chain_attack/
-
Why zero trust is never ‘done’ and is an ever-evolving process
Zero trust isn’t a project you finish; it’s a cycle that keeps evolving. From supply chain exploits to policy drift, resilience requires continuous testing and adaptation. Learn how Specops Software supports this journey with tools that make it easier. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-zero-trust-is-never-done-and-is-an-ever-evolving-process/
-
Manufacturing sector increasingly a target of cyber espionage: small companies particularly at risk
The supply chain itself is also increasingly becoming a risk: attacks on specialized software vendors or machine manufacturers can quickly affect numerous customers and potentially have catastrophic consequences for production, quality assurance and logistics. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/fertigungsbranche-zunehmend-ziel-von-cyber-spionage-kleine-unternehmen-besonders-gefaehrdet/a41808/
-
New ZipLine Campaign Targets Critical Manufacturing Firms with In-Memory MixShell Malware
Check Point Research has uncovered a highly persistent phishing operation dubbed ZipLine, which reverses traditional attack vectors by exploiting victims’ own “Contact Us
-
NIS2 and mid-sized businesses: Between obligation and practice
Tags: ai, ceo, compliance, cybersecurity, cyersecurity, dora, fortinet, germany, governance, healthcare, international, network, nis-2, resilience, risk, risk-analysis, risk-management, service, software, strategy, supply-chain, zero-trust
New EU requirements such as DORA and NIS2 put companies under pressure to act, but at the same time offer the opportunity to rethink IT security strategically. Anyone for whom that is not yet reason enough to deal with the resilience and IT security of their own company has received some additional motivation from the European Union in recent months. While from the…

