Blog
-
“ForcedLeak” Vulnerability in Agentforce Platform Addressed by Salesforce
The dangerous “ForcedLeak” flaw in Salesforce’s Agentforce platform has been addressed with a patch, plugging a hole that made it possible for attackers to exfiltrate sensitive data via a prompt injection.
-
NYC Sim Farm Bust Demonstrates Major Threat to Mobile Networks
The NYC SIM farm was thought to cost only a few million dollars in total, for rented apartments in five fairly expensive areas and 300 SIM boxes running about 100,000 SIM cards. Though there is no indication the operators had plans for terrorism, this setup would have been more than sufficient to overwhelm NYC phone…
-
Over a Dozen Ransomware Groups “Call it Quits,” But Don’t Let Your Guard Down
Right in the midst of their 2025 reign of terror, the newly-united Scattered Spider and ShinyHunters ransomware groups are calling it quits. They have been joined in their retirement announcement by about a dozen other groups, including Lapsus$ and BreachForums operator InfoBroker.
-
CISA Signals Possible Government Takeover of CVE Program With Release of New Roadmap
Though the Trump administration has generally had a poor relationship with CISA, there was never any real intent to defund the CVE program and that getting new funding in place has only been a matter of contract issues and some sort of “workflow” problem.
-
Will the New Qantas Executive Bonuses Policy Become Standard for Data Breaches?
Qantas has announced executive bonuses can now be docked by about 15% for major security lapses. CEO Vanessa Hudson will see AUD 250,000 taken back due to the data breach that exposed six million customer records.
-
Salesloft Drift Hack Leads to Rash of Compromised OAuth Tokens; Cybersecurity Companies Victimized
Thus far about 700 Salesloft Drift customers are confirmed to have had OAuth tokens or some other access credential stolen in the attack, including some of the biggest names in cybersecurity.
-
Use of AI in Cyber Attacks Escalates With Manipulation of Claude AI Chatbot
Hackers compromised at least 17 organizations by using Claude AI chatbot to find vulnerabilities prioritized by likelihood of exploitation, and factoring in vulnerable technology type and the physical location as well as how much money can likely be extracted from ransom demands.
-
DOGE Whistleblower Report Lambastes Risk Created by Live Copy of Social Security Data on Cloud Server
DOGE whistleblower report alleges improper handling and unnecessary risk of a testing copy of what is essentially all of the information available about American Social Security data on cloud server.
-
FTC Threatens to Bring Enforcement Powers to Bear on US Tech Companies if Encryption is Weakened
FTC wants to see encryption standards kept strong in the face of foreign pressure. Chairman indicated that the FTC could directly use powers under Section 5 of the FTC Act to prosecute deceptive practices by tech companies, such as weakening encryption.
-
No More Apple Encryption Backdoor; US Says UK is Dropping Its ADP Demand
US intelligence chief Tulsi Gabbard has announced that the UK has dropped its requirement that Apple insert an encryption backdoor in their cloud service, though there has not yet been any formal comment on the development by either party.