Scope of Salesforce Attacks Expands as Icarus Leaks Data

More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

The CI/CD workflow weakness affects Microsoft's Azure Sentinel, Google's AI Agent Development Kit, Apache's Doris analytics database, Cloudflare's Workers SDK, and Python Software Foundation's Black.

SocGholish Takedown Highlights Malicious TDS Threats

SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims' networks for cybercrime groups such as the notorious Evil Corp.

He Thought He Was Secure; His Phone Number Got Stolen Anyway

Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to account takeovers, so users must layer up their security measures.

DifyTap Bugs Let Attackers 'Wiretap' AI Chat Histories

Four vulnerabilities allow attackers to exploit Dify, a platform for AI application building and management, to silently access and exfiltrate sensitive data.

Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign

Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker.

Novo Nordisk Breach Exposes Software Development Pipeline Risk

A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem.