As organizations rely more heavily on open source components, software composition analysis (SCA) has become essential for identifying risks. But visibility alone is not enough. What turns insight into action is effective policy management: the ability to define and enforce rules that govern how software is built.
The post Open source policy management: How Sonatype supports security at scale appeared first on Security Boulevard.
By Christy Lynch This post summarizes the June 4, 2025 threat intelligence update from Google and offers additional recommendations from Reveal Security based on similar and recently observed attack patterns targeting SaaS applications and cloud infrastructure. Reveal Security monitors the overall cyber landscape for unique threats that can evade legacy detection methodologies. This UNC6040 campaign continues post-authentication, where many tools lose visibility. Our unique post-authentication approach adds a critical line of defense against this threat and other credential-based attack vectors. Summary of the Threat Google’s Threat Intelligence Team has identified an ongoing campaign by threat actor group UNC6040, in which attackers are stealing data from Salesforce and other SaaS applications. The attackers begin by socially engineering employees to steal credentials, then log into enterprise SaaS applications using residential proxy services to mask their location and blend in with legitimate traffic. Once authenticated, the attackers conduct manual reconnaissance to identify valuable data, such as customer records or support tickets, and then exfiltrate the data using legitimate application features. And the attackers don’t stop there. According to the report: “Following this initial data theft, UNC6040 was observed leveraging end-user credentials obtained through credential harvesting or vishing to move laterally through victim networks, accessing and exfiltrating data from other cloud platforms such as Okta and Microsoft 365.” In some cases, this stolen data is used in extortion attempts against the affected companies. Attack Flow According to Google’s report, the attack typically unfolds in the following stages: The attackers appear highly familiar with Salesforce’s user interface and data structures, enabling them to navigate and extract data efficiently while staying within the broader bounds of normal user behavior. Attribution and Targeting UNC6040 is a financially motivated group that Google has been tracking since 2023. This campaign does not rely on malware or exploits but instead uses legitimate credentials and authorized application behavior making detection particularly difficult. The attacks appear opportunistic rather than industry-specific. Organizations using Salesforce and other major SaaS platforms for customer service or case management are at heightened risk. Detection and Mitigation Challenges Several factors make these attacks difficult to detect: Google emphasizes that session monitoring, anomaly detection, and granular audit logs are critical to identifying these kinds of intrusions. Salesforce customers can review their security documentation here. How Reveal Security Helps Reveal Security provides visibility into post-authentication user activity across SaaS applications like Salesforce, enabling organizations to detect the exact kind of behavior seen in this campaign. By analyzing human and non-human identity behavior to learn what is typical, Reveal detects behavioral anomalies that suggest misuse and impersonation even when the attacker uses valid credentials and operates from approved locations. Reveal Security’s detection capabilities include: Post-authentication behavioral monitoring in SaaS and cloud is often the only way to distinguish attacker actions from those of legitimate users. To learn more about how Reveal Security can protect against threats targeting data in Salesforce and other SaaS platforms, visit https://www.reveal.security/.
The post Hackers Are Stealing Salesforce Data, Google Warns appeared first on RevealSecurity.
The post Hackers Are Stealing Salesforce Data, Google Warns appeared first on Security Boulevard.
You must login to view this content
Better Active Directory security with Enzoic 3.6: Real-time password feedback. CrowdStrike SIEM integration. Clearer credential risk insights.
The post Introducing Enzoic for Active Directory 3.6 appeared first on Security Boulevard.
You must login to view this content
Bitdefender announced GravityZone Compliance Manager, a new addition to its GravityZone platform that helps organizations reduce the burden of compliance and streamline audit readiness. Designed specifically for today’s complex regulatory landscape, the solution provides real-time visibility, automated remediation, audit-ready reports, and one-click compliance documentation fully integrated with Bitdefender endpoint security and risk analytics. “GravityZone Compliance Manager performed well for us during early access. The continuous monitoring and assessment feature reduced our reliance on manual scans, … More →
The post Bitdefender unifies security, risk management, and compliance in a single platform appeared first on Help Net Security.
A data breach has reportedly struck Odoo, a leading Belgian provider of open-source business management software. On June 5, 2025, a 63.4MB employee database—allegedly sourced through a “collaborative effort with a senior insider”—was advertised for sale on a dark web forum. The seller is demanding $25,000 in Monero (XMR) or Bitcoin (BTC) for the trove, […]
The post Odoo Employee Database Allegedly Exposed and Put Up for Sale on Dark Web appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Two members of the cybercriminal group “ViLE” were sentenced this week in Brooklyn federal court for their roles in a high-profile hacking and extortion scheme targeting a U.S. federal law enforcement web portal. Sagar Steven Singh, known online as “Weep,” received a 27-month prison sentence, while Nicholas Ceraolo, also known as “Convict,” “Anon,” and “Ominous,” […]
The post Members of ViLE Hacker Group Arrested for Hacking DEA Portal appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Dynatrace is accelerating the generational shift in enterprise software development by extending the Dynatrace platform with agentic AI capabilities. Designed to predict and prevent disruptions, protect systems and data, and optimize operations autonomously, these advancements mark a new era of productivity and agility, fundamentally redefining how businesses manage digital transformation. Enterprise organizations are significantly increasing investment in AI to enhance productivity, particularly in software development. Despite these efforts, developers still spend up to 80% of … More →
The post Dynatrace extends platform with agentic AI capabilities appeared first on Help Net Security.