CIS launches Commercial Cloud MDR, Powered by Sophos, to protect SLTT government organizations
Investigate incidents in real time, quickly neutralize active threats, and prevent repeat attacks.
Similar Posts
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
Bys sThe China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a…
GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites
Bys sThe malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours…
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
Bys sA widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant, tracked as UNC6395….
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The critical vulnerability, tracked as CVE-2025-55182 (CVSS score: 10.0), affects the React Server Components (RSC) Flight protocol. The underlying cause of the issue is an unsafe deserialization
ShinyHunters group opens new dark web leak site, claims responsibility for OKTA vishing campaign
Bys sOver on LinkedIn, AlonGal of Hudson Rock wrote: BIG – ShinyHunters confirmed to me that they are behind the recent Okta vishing campaign and have published alleged data from three major victims (Crunchbase, SoundCloud, and Betterment) on their new blog, stating more are coming. 🔽 I was approached by ShinyHunters following a BleepingComputer report yesterday……
New adult safeguarding toolkit to help protect vulnerable adults’ data
Bys sIrish Legal News reports: The adult safeguarding toolkit is designed to provide organisations and individuals with guidance and resources to comply with data protection legislation and promote best practices in safeguarding sensitive information. The toolkit offers comprehensive guidance on how to collect, use, store, and share data related to vulnerable adults, while adhering to the principles of…