Data Breach

FreePBX SQL Injection Flaw Exploited to Alter Database Records

A critical, unauthenticated SQL injection vulnerability in FreePBX is being actively exploited, posing a severe risk to VoIP infrastructures worldwide. Attackers are abusing a web endpoint to inject database entries, create scheduled tasks, and ultimately run arbitrary code on compromised systems. What is affected, and why it matters: FreePBX, the web-based administrative interface commonly used […]


Shuyal Stealer Targets 19 Browsers to Harvest Login Credentials

Shuyal Stealer has quickly become one of the most flexible credential theft tools observed in recent months. First seen in early August, its modular design enables it to target a wide variety of web browsers, including Chromium-based, Gecko-based, and legacy engines, making it a high-risk threat for many environments. Early signs and impact: Initial indicators


Microsoft Events Vulnerability Exposes User Data from Registration and Waitlist Databases

A major security vulnerability was discovered in the Microsoft Events platform, which could have allowed unauthorized access to personal information stored in two separate databases — the event registration list and the waitlist database. Discovery of the Flaw: The issue was identified by a 15-year-old bug bounty researcher, known as Faav, who uncovered that the flaw exposed


XWorm 6.0 Resurfaces with Over 35 Plugins, Upgraded Data Theft Features

Cybersecurity experts have closely monitored the development of XWorm malware, which has evolved into a highly adaptable tool capable of executing a broad range of malicious operations on infected systems. Trellix researchers Niranjan Hegde and Sijo Jacob explained, “XWorm’s architecture is modular, consisting of a core client and multiple specialized components known as plugins. Each plugin


Red Hat Data Breach, Hackers Claim Access to 28K Private GitHub Repositories

A hacking group calling itself the Crimson Collective has allegedly carried out one of the most severe breaches in recent memory, targeting Red Hat’s private GitHub repositories. According to their claims, nearly 570GB of compressed data was extracted from more than 28,000 internal repositories, making this incident a potential milestone in the history of technology-related


Salesforce Fixes Critical ForcedLeak Bug Exposing CRM Data Through AI Prompt Injection

Cybersecurity researchers have disclosed a major flaw in Salesforce Agentforce, a platform designed for building AI-powered agents. The vulnerability, codenamed ForcedLeak (CVSS score: 9.4), could have enabled attackers to exfiltrate sensitive data from Salesforce’s CRM system using an indirect AI prompt injection. The issue was discovered and reported by Noma Security on July 28, 2025.


SonicWall urges password resets after cloud backup breach impacting less than 5 percent of customers

SonicWall has issued a strong advisory urging its customers to reset their credentials after detecting a security incident involving its cloud backup service. The breach exposed firewall configuration backup files linked to MySonicWall accounts, though the company emphasized that less than 5 percent of customers were impacted. Suspicious Activity Detected in Cloud Backups: According to


GitHub Account Breach Triggers Salesloft Drift Incident Impacting 22 Companies

Salesloft has confirmed that the recent breach impacting its Drift application was triggered by the compromise of its GitHub account, which opened the door for a wider supply chain attack. Breach Details: According to Google-owned Mandiant, which is handling the investigation, the attackers, identified as UNC6395, gained unauthorized access to Salesloft’s GitHub account between March


Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations

Salesloft has announced that it will temporarily take Drift offline after a large-scale cyberattack led to the theft of OAuth tokens from hundreds of organizations. The decision, revealed on Tuesday, comes after reports confirmed that attackers had compromised Drift’s systems, affecting many companies that rely on its chatbot and integration services. Why Drift Is Going


Malicious Nx Packages in ‘s1ngularity’ Attack Leak 2,349 GitHub, Cloud, and AI Credentials

The maintainers of the Nx build system have warned users about a supply chain attack that allowed cybercriminals to release malicious versions of the popular npm package along with supporting plugins, designed to steal sensitive information. According to the advisory published on Wednesday, “Malicious versions of the Nx package, and certain auxiliary plugins, were uploaded
