Aggregator

The recent Salesloft Drift breach offered a sobering reminder of how easily trust can be weaponized in today’s SaaS and AI-integrated environments. In this incident, hackers exploited the Drift chatbot, stole OAuth tokens, and used them to obtain data from CRM systems before the tokens could be revoked. In the wake of the incident, many […]

The post When trust turns toxic: Lessons from the Salesloft Drift incident appeared first on CyberScoop.

Despite years of effort to make software safer and more transparent with SBOMs, the rise of AI coding assistants is fueling optimism—and, some experts argue, “kind of insane”—claims about a future with vulnerability-free software.

The post The slow rise of SBOMs meets the rapid advance of AI appeared first on CyberScoop.

For the latest discoveries in cyber research for the week of 24th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The notorious “Scattered LAPSUS$ Hunters” group claimed responsibility for a supply-chain attack involving the Salesforce-integrated platform Gainsight. The group stated that data from 300 organizations was compromised, including Verizon, GitLab and Atlassian. […]

The post 24th November – Threat Intelligence Report appeared first on Check Point Research.

You must login to view this content

You must login to view this content

You must login to view this content

A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sensitive login credentials. Attackers utilize the domain “rnicrosoft.com” to impersonate the tech giant. By replacing the letter ‘m’ with the combination of ‘r’ and ‘n’, fraudsters create a visual doppleganger that is nearly indistinguishable from […]

The post Hackers Replace ‘m’ with ‘rn’ in Microsoft(.)com to Steal Users’ Login Credentials appeared first on Cyber Security News.