There’s an update to the Salesloft+Drift portal with results from the Mandiant Drift and Salesloft application investigations: Mandiant’s investigation has determined the threat actor took the following actions: In March through June 2025, the threat actor accessed the Salesloft GitHub account. With this access, the threat actor was able to download content from multiple repositories,…
Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information. Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear. This gap between…
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0. “An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78]…
Vanguard reports: A Nigerian man has been extradited to the United States from France to face charges of computer hacking, fraud and identity theft, the Justice Department said Tuesday. Chukwuemeka Victor Amachukwu, 39, and Nigeria-based co-conspirators allegedly hacked US-tax preparation businesses, stole customers’ identifying information and filed fraudulent tax returns. They obtained at least $2.5…
Elizabeth F. Greene and Kristen Dupard pf Bradley Arant Boult Cummings LLP write: The Department of Justice (DOJ) recently obtained several cybersecurity-related False Claims Act (FCA) settlements totaling more than $50 million dollars. Collectively, these settlements reflect a clear message: Cybersecurity is an enforcement priority for the second Trump administration, and any organization that contracts……
Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of…
The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC products to breach organizations in the country. The NCSC-NL said it discovered the exploitation of CVE-2025-6543 targeting several critical organizations within the Netherlands, and that investigations are ongoing to determine the
