Cybersecurity firm Noma Security reveals ForcedLeak, a critical flaw in Salesforce Agentforce that allowed data theft. Learn what companies need to do now to secure AI agents.

A vulnerability dubbed ForcedLeak was recently discovered in Salesforce Agentforce, an AI-driven system designed to handle complex business tasks within CRM environments. Noma Security identified the critical flaw, which was initially rated CVSS 9.1 and later updated to 9.4, allowing remote attackers to steal private CRM data. The firm shared its research with Hackread.com.

****How the Attack Worked****

The problem lies in the autonomous way AI agents work. Unlike simple chatbots that are “prompt-response” systems, these agents can “reason, plan, and execute complex business tasks,” making them a considerably bigger target. The core issue here was an indirect prompt injection attack, which happens when a bad instruction is secretly placed inside data that the AI system later processes.

In the case of Agentforce, attackers used the commonly enabled Web-to-Lead feature, which lets website visitors submit information that goes straight into the CRM. By putting malicious code into a large input field, like the Description box, the attacker set a trap. When an employee later asked the AI agent a normal question about that lead data, the agent would mistakenly treat the hidden instruction as part of its job.

According to Noma Security’s blog post, its researchers found that the AI could not tell the difference “between legitimate data loaded into its context versus malicious instructions.” To prove the risk, they ran a Proof of Concept (PoC), using malicious code to force the AI to grab sensitive CRM data like email addresses. The code tricked the AI into stuffing the data inside the web address for an image. When the system viewed that image, the private data was transmitted to the researchers’ server, confirming the successful theft.

****Stolen Data and Immediate Fixes****

The data at risk included sensitive information like customer contact details, sales pipeline data revealing business strategy, internal communications, and historical records. The vulnerability impacted any organisation using Salesforce Agentforce with the Web-to-Lead feature enabled, especially those in sales and marketing.

The attack also involved exploiting an outdated part of the system’s security rules (Content Security Policy, or CSP). Researchers discovered that a domain (my-salesforce-cms.com) that was still considered ‘trusted’ had actually expired and was available to purchase for just $5. An attacker could use this expired, but trusted, domain to secretly send stolen data out of the system.

After being informed about the issue on July 28th, 2025, Salesforce quickly investigated. By September 8th, 2025, the company had implemented fixes, including enforcing “Trusted URLs” for Agentforce and its Einstein AI, to stop data from being sent to untrusted web addresses, and re-securing the expired domain.

The firm advised users to immediately “enforce Trusted URLs for Agentforce and Einstein AI” and audit all existing lead data for unusual submissions. The vulnerability was made public on September 25th, 2025.

In a statement to Hackread.com, a Salesforce spokesperson said that the company is aware of the vulnerability reported by Noma and has released patches to stop Agentforce agents from sending output to untrusted URLs.

> _“Salesforce is aware of the vulnerability reported by Noma and has released patches that prevent output in Agentforce agents from being sent to untrusted URLs. The security landscape for prompt injection remains a complex and evolving area, and we continue to invest in strong security controls and work closely with the research community to help protect our customers as these types of issues surface.”_
> 
> Salesforce Spokesperson

****Why It’s Important****

The ForcedLeak flaw is particularly important to discuss in light of the massive Salesforce-linked data breaches that have surfaced this year. Salesforce sits at the heart of business operations for thousands of organisations, holding sensitive customer records, financial details, and sales strategies.

A vulnerability in its AI-powered Agentforce system means attackers could exploit a trusted platform not just to steal isolated records, but to automate large-scale data extraction through everyday business processes.

With CRM data often being the crown jewels for enterprises, combining AI vulnerabilities with already high-value Salesforce environments greatly increases the risk, making it critical for organisations to reassess their exposure and security controls.

****Expert View****

“It’s advisable to secure the systems around the AI agents in use, which include APIs, forms, and middleware, so that prompt injection is harder to exploit and less harmful if it succeeds,” said Chrissa Constantine, Senior Cybersecurity Solution Architect at Black Duck.

She stressed that true prevention is around maintaining configuration and establishing guardrails around the agent design, software supply chain, web application, and API testing.

ForcedLeak Flaw in Salesforce Agentforce AI Agent Exposed CRM Data

Urgent warning for Fortra GoAnywhere MFT users. A CVSS 10.0 deserialization vulnerability (CVE-2025-10035) in the License Servlet allows command injection. Patch to v7.8.4 immediately to prevent system takeover.

Thousands of companies using Fortra’s GoAnywhere Managed File Transfer (MFT) solution are facing an immediate threat of full system takeover. The issue, officially labelled CVE-2025-10035 and published on September 18, 2025, carries the maximum risk score of 10.0, meaning criminals could gain complete control of systems designed to handle sensitive organisational data.

****What’s the Risk?****

This critical problem is rooted in Fortra’s GoAnywhere MFT’s License Servlet, a component that deals with license checks. It is essentially a deserialization vulnerability. To put it simply, MFT solutions are used by businesses to safely and reliably move large amounts of electronic data (like customer records/financial information) between systems. The software converts complex data into a simple format for transfer (serialisation) and then converts it back (deserialization).

The flaw allows a malicious person to trick the software during the reversal (deserialization) process by using a “validly forged license response signature” to load a harmful object, Fortra’s advisory explains. This can lead to command injection, letting an attacker run their own code on the system.

For your information, GoAnywhere MFT is a high-security solution that automates and protects data exchange for enterprises, including Fortune 500 deployments. So, this flaw may let an attacker seize the entire file transfer infrastructure, risking highly sensitive corporate and government data.

According to long technical analysis from watchTowr Labs, shared with Hackread.com, highlighted the gravity of the situation, noting that there are “over 20,000 instances exposed to the Internet. A playground APT groups dream about.”

Source: watchTowr Labs

Their analysis points to a significant mystery: despite the perfect CVSS 10.0 score, exploiting the bug appears difficult on paper due to a required signature verification check. Yet, the high score, combined with the vendor deleting and updating advisories, suggests the threat is very real as “no vendor assigns a CVSS 10 to a purely theoretical bug.”

This isn’t the first time we’ve seen this; back in 2023, a similar pre-authentication command injection flaw (CVE-2023-0669) in the same product was widely exploited by the cl0p ransomware gang.

****Immediate Action Needed to Protect Data****

The good news is that Fortra has released updates in version 7.8.4 and Sustain Release 7.6.3 to fix the flaw. Organisations are strongly urged to upgrade to one of these patched versions right away.

It is worth noting that this attack relies on the system being directly connected to the public internet, a situation common for these kinds of software. Therefore, as an additional safeguard, administrators should immediately ensure the GoAnywhere Admin Console is not open to the public. Limiting access by placing the service behind a firewall or a VPN is a vital first step, along with monitoring system logs for any unusual activity.

Ryan Dewhurst, a threat intelligence expert at watchTowr, considers this extremely serious, saying, “This issue is almost certain to be weaponised for in-the-wild exploitation soon.”

“The newly disclosed vulnerability in Fortra’s GoAnywhere MFT solution impacts the same license code path in the Admin Console as the earlier CVE-2023-0669, which was widely exploited by multiple ransomware and APT groups in 2023, including LockBit,_“_ he emphasised.

“With thousands of GoAnywhere MFT instances exposed to the Internet, this issue is almost certain to be weaponised for in-the-wild exploitation soon,_“_ Ryan warned.

“While Fortra notes exploitation requires external exposure, these systems are generally Internet-facing by design, so organisations should assume they are vulnerable. Organisations should apply the official patches immediately and take steps to restrict external access to the Admin Console,” Dewhurst noted in his comments shared with Hackread.com.

Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems

China-backed UNC5221 targets US legal and tech firms by deploying BRICKSTORM malware on neglected VMware and Linux/BSD appliances, Google's Mandiant reports.

A group of hackers with links to China has been caught running a long-term spying operation against US companies. Cybersecurity researchers at Mandiant (part of the Google Threat Intelligence Group) are tracking this threat, named BRICKSTORM, which targets specialised operating systems like Linux and BSD (Berkeley Software Distribution).

Mandiant’s investigation shows the group’s mission to steal valuable intellectual property and sensitive information related to national security and international trade. These hackers have maintained access for a worryingly lengthy time, averaging 393 days, mostly targeting the legal services, technology, SaaS, and Business Process Outsourcers (BPOs) sectors since at least March 2025.

Industries targeted by BRICKSTORM (Image credit: Mandiant)

****BRICKSTORM Malware****

The hackers, tracked by Mandiant as UNC5221, which was also behind the widespread exploitation of the Ivanti VPN zero-day in January 2025, use a new and custom-designed Go-language BRICKSTORM malware. In this case as well, the group exploits zero-day vulnerabilities to infect network appliances and servers with malware.

According to Mandiant’s blog post, this initial access is consistently used to move to high-value systems, particularly VMware vCenter and ESXi hosts. To achieve this, the attackers first deploy BRICKSTORM to a network appliance, steal valid credentials, and then move laterally via SSH to the vCenter server

Researchers further explain that BRICKSTORM features SOCKS proxy functionality, enabling attackers to tunnel traffic and move quietly through the network. Once that is complete, they capture high-privilege user logins while using the organisation’s own network devices to hide their activity.

The malware is under active development, using “advanced obfuscation” (like the tool Garble and a custom internal library) to continuously evade security measures.

****What’s the Big Goal?****

Mandiant believes the hackers are focused on long-term objectives, beginning with the compromise of Software as a Service (SaaS) providers and extending to the networks of their customers.

Additionally, a common objective observed in these attacks is to access the emails of critical personnel, particularly system administrators and developers relevant to the economic and espionage interests of the People’s Republic of China (PRC). To infiltrate any mailbox, threat actors employed Microsoft Entra ID Enterprise Applications with elevated access scopes (like mail.read or full_access_as_app).

Mandiant strongly suggests that companies must work on their cybersecurity. The company has also shared a free scanner script on its GitHub page that organisations can use to check their Linux-based systems for the BRICKSTORM backdoor.

****Expert Takeaway****

Ensar Seker, CISO at SOCRadar, reflected on the seriousness of the campaign. In his exclusive insight shared with Hackread.com, Seker stated that BRICKSTORM is a “wake-up call.” He explained that the attackers’ strategy gives them a “multiplier effect on reach” because by getting into service providers, they gain “pathways into their clients and partners.”

Seker emphasised that this operation is about “building capabilities that can support multiple future attacks” by stealing internal designs and learning how to bypass defences. From a defence standpoint, he advises companies to “assume that any vendor they trust may be compromised, not eventually, but right now,” requiring them to adopt stricter security measures and “zero-trust architectures” around vendor connections.

“In a nutshell, Brickstorm is a wake-up call: adversaries are no longer treating high-value firms as endpoints to exploit, but as nodes in a broader intelligence and access network. Defending against that requires that we think in ecosystems and assume compromise, not just for ourselves, but for every connected party,” Seker advised.

China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware

Luxembourg, Luxembourg, 25th September 2025, CyberNewsWire

**Luxembourg, Luxembourg, September 25th, 2025, CyberNewsWire**

Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q1-Q2 2025 Radar report into DDoS attack trends. DDoS attacks have reached unprecedented scale and disruption in 2025, and businesses need to act fast to protect themselves from this evolving threat. The report reveals a significant escalation in the total number of DDoS attacks and their magnitude, measured in terabits per second (Tbps).

It also highlights a clear shift: attackers are growing more strategic, blending brute-force volume with precise application-layer manipulation.

**Key Insights From Q1-Q2 2025**

·      Attack volumes increased by 41% compared to Q1-Q2 2024, evidencing dangerous long term growth trends predicted in prior Radar reports.

·      The largest attack peaked at 2.2 Tbps in Q1-Q2, surpassing the 2 Tbps peak recorded in late 2024.

·      DDoS attacks are becoming longer in duration but more harmful.

·      Attackers are shifting focus to financial services and tech, with tech overtaking gaming as the most targeted sector.

·      DDoS attacks at the application layer have increased by 10% from Q3-Q4 2024 to Q1-Q2 2025.

·      The total number of DDoS attacks climbed from 969,000 in H2 2024 to 1.17 million in H1 2025.

> Andrey Slastenov, Head of Security at Gcore, commented: “The latest Gcore Radar should be a wake-up call to businesses across all industries. Not only are the number and intensity of attacks increasing, but attackers are expanding the scope of their attacks to reach an increasingly wide range of sectors. Businesses must invest in robust DDoS detection, mitigation, and protection to prevent the financial and reputational impact of an attack.’’

**Recent Data Shows Shift Toward Longer Sustained Assaults**

Attacks shorter than 10 minutes have decreased by about 33%, while those lasting between 10 and 30 minutes have nearly quadrupled. While previous reports highlighted the dominance of very short, intense DDoS attacks, this change indicates that attackers are adapting to the improved automatic detection and mitigation systems employed by companies to handle brief attacks. By extending attack durations, threat actors can circumvent these temporary defense thresholds, cause more extensive damage, and test infrastructure resilience over time.

Multi-vector attacks have also increasingly become a preferred tactic of attackers. By masking malicious activity within seemingly legitimate traffic, attackers complicate detection and extend their window to cause damage. This shift toward more sophisticated attacks underscores the need for an equally layered defense approach that anticipates attacker strategies and protects critical digital assets holistically.

**Data Indicates Rise in Attacks on Vulnerable Sectors**

Gaming is no longer the dominant target it once was. Its share of total DDoS attacks has dropped significantly (30% in the last year). This notable decline suggests attackers are shifting focus to other sectors such as tech (attacks increased by 15%) and financial services (attacks increased by 15%). These sectors are favored targets because they may be less protected against threat actors and have higher disruption potential.

**The Domino Effect of Cyberattacks**

Hosting providers, in particular, have become prime targets due to their role supporting SaaS, e-commerce, gaming, and financial clients. An attack on one hosting provider can have dangerous ripple effects: massive service outages and reputation damage to dozens of dependent companies.

**Geographical Distribution of DDoS Attacks**

With a presence that spans six continents, Gcore can accurately track the geographical sources of DDoS attacks. Gcore derives these insights from the attackers’ IP addresses and the geographic locations of the data centers where malicious traffic is targeted.

Although the **United States** and the **Netherlands** remain top sources for attacks (as found in previous Radar reports), Hong Kong is a new source of threats. **Hong Kong** now accounts for 17% of all network-layer and 10% of application-layer attacks. These findings indicate that attackers are expanding into emerging areas, highlighting the need for proactive and adaptive defenses across diverse regions.

**Emerging Origins of Attacks**

The rapid increase in application layer attacks (28% to 38% from Q3-Q4 2024 to Q1-Q2 2025) also reveals an overall trend toward multi-layered attacks targeting web application and API vulnerabilities, which particularly impact sectors with a high degree of customer interaction (ranging from e-commerce and online banking to logistics and public services).

To access the full report, please visit: https://gcore.com/resources/gcore-radar-attack-trends-q1-q2-2025

**About Gcore**

Gcore is a global edge AI, cloud, network, and security solutions provider. Headquartered in Luxembourg, with a team of 600 operating from ten offices worldwide, Gcore provides solutions to global leaders in numerous industries. Gcore manages its global IT infrastructure across six continents, with one of the best network performances in Europe, Africa, and LATAM due to the average response time of 30 ms worldwide. Gcore’s network consists of 210 points of presence worldwide in reliable Tier IV and Tier III data centers, with a total network capacity exceeding 200 Tbps.

Further information is available at gcore.com and updates are also shared on LinkedIn, Twitter, and Facebook.

**Gcore Press Contact**   

\[email protected\] 

**PR Agency Contact**  

\[email protected\]

**Contact**

**Ms.**  
**Kira Kurepina**  
**Gcore**  
**\[email protected\]**

Gcore Radar Report Reveals 41% Surge in DDoS Attack Volumes

The Python Software Foundation (PSF) warns developers of phishing emails leading to a fake PyPI login site designed to steal account credentials.

The Python Software Foundation (PSF) is warning developers about a fresh phishing campaign that targets users of the Python Package Index (PyPI) with convincing but fake emails and a fake login site.

The emails ask recipients to verify their account details for “maintenance and security procedures.” Those who don’t follow the instructions are threatened with account suspensions, and the link they are urged to click leads to a spoofed site hosted at pypi-mirror.org.

Seth Larson, a developer at the PSF, explained that anyone who entered their credentials on the phishing site should change their PyPI password right away and review their account’s Security History for any unusual activity. He also encouraged users to report suspicious emails or phishing attempts directly to [email protected].

The danger behind these attacks is not limited to individual accounts. Once threat actors obtain login details, they can tamper with trusted packages already published to PyPI or push out new ones with malware. This could expose developers and companies that rely on those packages, impacting anyone who relies on those packages

This campaign is not the first of its kind. A similar attempt in July used the domain pypj.org to trick developers into handing over their login details. The latest attack follows the same structure, suggesting that more phishing domains could appear in the future.

PyPI maintainers have already taken action by contacting registrars and content delivery networks to remove malicious domains, submitting them to browser blocklists, and coordinating with other open source platforms to improve response times. They are also exploring ways to strengthen two-factor authentication so that phishing attempts are less effective.

****Advice from an Expert****

Shane Barney, Chief Information Security Officer at Keeper Security, said phishing is not disappearing; it is adapting. Attackers will continue spinning up new domains to trick users, but the real focus for security leaders should be on limiting the damage when someone inevitably clicks.

According to Barney, this starts with stronger authentication methods, such as hardware-based keys like YubiKeys, which resist phishing attempts. Combined with password managers that only auto-fill credentials on verified domains, the two approaches shut down the most common paths attackers rely on.

For enterprises, he added, privileged access management plays a critical role by enforcing least privilege, restricting lateral movement, and monitoring activity. Even if malicious code makes it through, it cannot spread unchecked. “The aim isn’t to eliminate all risk, but to build enough guardrails so one stolen password doesn’t escalate into a full-blown breach,” Barney said.

Nevertheless, do not click on links in emails unless you initiated the action yourself, rely on verified legitimate domains, and consider using hardware keys for phishing-resistant two-factor authentication. Sharing suspicious emails with peers or community channels is also encouraged, since being cautious helps protect not just one developer but the Python community overall.

PSF Warns of Fake PyPI Login Site Stealing User Credentials

Darktrace researchers have uncovered ShadowV2, a new botnet that operates as a DDoS-for-hire service by infecting misconfigured Docker containers on AWS cloud servers.

Cybersecurity researchers at Darktrace have identified a new botnet called ShadowV2 is structured as a DDoS-for-hire service, offering attackers an easy way to launch large-scale attacks on demand.

This means anyone can rent access to its network to launch a distributed denial-of-service (DDoS) attack, making it easier for attackers to generate massive traffic surges similar to those seen in record-breaking incidents across the internet.

ShadowV2 doesn’t go after typical home computers; it infects misconfigured Docker containers on Amazon Web Services (AWS) cloud servers. Docker is a technology that lets developers package and run applications in isolated environments called containers. These containers are a modern way to build and run software, but if they’re not set up correctly, they can be exploited by cybercriminals.

****The Attack****

The attack starts with a Python script hosted on GitHub CodeSpaces, which creates a temporary ‘setup’ container on a victim’s machine. The botnet then installs its core malware, a Go-based Remote Access Trojan (RAT), into this setup. The botnet then uses this container to create a new, infected container.

According to Darktrace, this is a major example of ‘cybercrime-as-a-service’ (CaaS), where illegal activities are now being treated like professional business ventures. The attackers have built a complete platform with a user login screen and a user-friendly control panel. The system is well-designed enough to mirror “legitimate cloud-native applications in both design and usability,” researchers noted in the blog post.

ShadowV2 Login UI (Screenshot via Darktrace)

Additionally, the botnet regularly checks in with a central server using a “RESTful registration and polling mechanism” to get its commands. It uses advanced tactics like a Cloudflare under attack mode (UAM) bypass and “HTTP/2 rapid reset,” which allows it to send massive amounts of traffic at once.

****Fake Law Enforcement Seizure Notice****

Darktrace first spotted the attack on June 24 and found older versions of the malware that had been submitted to a public threat database on June 25 and July 30. The botnet’s main website even displays a fake law enforcement seizure notice as a trick, though the system itself remains fully functional.

Fake seizure notice (Image Source: Darktrace)

Jason Soroko, Senior Fellow at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM), sees the botnet as evidence of a “maturing criminal market where specialisation beats sprawl.”

He notes that the operators have simplified their business by focusing only on DDoS attacks and selling access, which “reduces operational risk, simplifies tooling, and aligns incentives with paying customers.”

Soroko adds that the use of a professional API and full user interface turns the botnet into a “platform, which shifts detection from host indicators toward control plane behaviours.” He advises defenders to treat this botnet as a “product with a roadmap,” and to watch for upgrades and new tactics.

ShadowV2 Botnet Uses Misconfigured AWS Docker for DDoS-For-Hire Service

UK police arrest man over cyberattack on Collins Aerospace that disrupted check-in at Heathrow, Berlin, Brussels and other airports.

A 40-year-old man was arrested in West Sussex this week in connection with a cyberattack that knocked out check-in systems at several major European airports, including London’s Heathrow, Berlin and Brussels.

The UK’s National Crime Agency (NCA) has confirmed the arrest on suspicion of offences under the Computer Misuse Act and says the investigation is ongoing. However, after his arrest, the suspect was reportedly released on conditional bail. The NCA says it is still early days, and it has not publicly identified others involved or the full motive behind the attack.

_“_It is a positive update that a suspect has already been arrested in connection with this attack. It also highlights the priority law enforcement is placing on catching the perpetrators of cybercrime today,_“_ said Ryan McConechy, CTO at Barrier Networks.

_“_We don’t know how the attack was executed, but we do know ransomware was involved. Organisations must learn from this and prioritise their defences against the vector, and this means training staff regularly, patching vulnerabilities, deploying phishing-resistant MFA capabilities, inventorying assets, monitoring the security of suppliers and applying network segmentation to protect an organisation’s most important assets,_“_ Ryan emphasised.

****Cyber Attack on Collins Aerospace****

The attack targeted Collins Aerospace, a company whose systems handle check-in, baggage tagging and boarding processes at airports. Around Friday night, those systems began failing. Airport staff were forced to use handwritten boarding passes, backup laptops or manual check-in methods while efforts were underway to restore automated services.

Passengers faced delays and cancellations. Brussels in particular felt the impact hard: over the weekend, it cancelled dozens of flights and asked airlines to cut back departures after it proved difficult to restore the compromised system. Berlin also experienced long queues as staff tried to catch up.

Cyberattack Disrupts Airport Check-In Systems Across Europe

Authorities believed the attack involved ransomware. The EU cybersecurity agency ENISA said a “third-party ransomware” was behind the outages. Collins Aerospace acknowledged a “cyber-related disruption” and is coordinating with airports and law enforcement to restore systems.

This incident adds to a growing list of cyber events affecting transport infrastructure worldwide, from rail systems to shipping terminals. Last week, UK authorities arrested two individuals linked to the Scattered Spider group during an investigation into a cyberattack on Transport for London (TfL) that caused millions of pounds in damage.

UK Arrest Made After Cyberattack Disrupts Major European Airports

Cloudflare stopped a record 22.2 Tbps DDoS attack, showing how massive these threats have become and why strong DDoS attack protection is essential.

Cloudflare says it has stopped the largest DDoS attack (distributed denial of service attack) ever recorded. The attack peaked at 22.2 terabits per second and 10.6 billion packets per second. It was detected and mitigated automatically by Cloudflare’s network.

The company reported that the event lasted only 40 seconds but was still twice the size of anything previously seen on the internet. However, in the first week of September 2025, the company stopped a DDoS attack that reached 11.5 terabits per second and lasted about 35 seconds.

DDoS attacks work by overwhelming websites or services with massive amounts of traffic. In this case, the scale was so high that many providers without automated DDoS protection would not have been able to stay online.

Cloudflare has not shared details on the target of the attack, but in a tweet, it pointed out that its systems handled the surge without disruption. The announcement shows how attackers continue to test new levels of volume in their attempts to take services offline.

Massive DDoS incidents are becoming more common, and providers need the capacity to block them in real time. Organisations and users also need to rely on proper DDoS mitigation services to reduce the risk of becoming the next target.

Cloudflare Blocks Record 22.2 Tbps DDoS Attack

The FBI is warning internet users about fake versions of its official IC3 cybercrime reporting website. Learn how to spot these ‘spoofed’ sites, avoid scams where criminals impersonate agents, and protect your personal information by following the FBI’s crucial safety tips.

The Federal Bureau of Investigation (FBI) has issued a critical Public Service Announcement (PSA) revealing that cybercriminals are creating fake, or ‘spoofed,’ versions of the FBI’s IC3 (Internet Crime Complaint Center) website to steal user data.

IC3 is a primary tool where people can file reports on cybercrime and online scams. The platform was established in 2000 as the Internet Fraud Complaint Centre but was later renamed in 2003 to represent its overall mission.

According to the FBI’s advisory, threat actors create these fake websites by making slight changes to the legitimate domain name, such as alternate spellings or different web addresses, as seen in previous cases like ɢoogle.com rather than Google.com. This is done to “gather personally identifiable information entered by a user into the site, including name, home address, phone number, email address, and banking information.”

The advisory warns that users may unknowingly visit these fake portals while attempting to file an official report, exposing their sensitive data. The goal of these fake sites is to steal personal information and trick people into monetary scams.

The FBI also warns that these scammers may even pretend to be IC3 staff. They might contact you, claiming they can get your lost money back, but only if you pay them a fee first. This is a clear sign of a scam, as the FBI and IC3 will never ask for payment to help a victim. In fact, between December 2023 and February 2025, the agency received over 100 reports of these impersonation scams.

****Not The First Time****

This is not the first time that scammers have impersonated the Internet Crime Complaint Center to carry out possible phishing or malware campaigns. As far back as 2018, fraudulent emails and websites mimicking IC3 were used to trick users into providing sensitive information, sometimes even embedding malicious files for installation.

Screenshots of fake emails sent by hackers back in February 2018 (Screenshot credit: Hackread.com)

****What can you do to protect yourself?****

The FBI has some crucial advice. The safest way to access the site is to type www.ic3.gov directly into your browser’s address bar. The FBI specifically advises against using search engines and clicking on ‘sponsored’ results, which are often paid ads for these fake sites.

Always check the URL to make sure it ends in ‘.gov’ and has no misspellings, and avoid clicking on links with low-quality graphics, which are another hallmark of fraudulent websites.

Keep in mind that the IC3 does not have any social media pages, so if you see one claiming to be official, it’s a fake. If you fall victim to one of these impersonation scams, be sure to report it to the real IC3 site and provide as much detail as possible, including any financial transaction information.

FBI Warns of Fake IC3 Websites Designed to Steal Personal Data

Microsoft patched an Entra ID vulnerability that let attackers impersonate Global Admins across tenants, risking full Microsoft 365 and Azure takeover.

Microsoft has addressed a critical security vulnerability in Azure Entra ID, tracked as CVE-2025-55241, that was initially described as a low-impact privilege escalation bug. Security research later revealed the flaw was far more severe, allowing attackers to impersonate any user, including Global Administrators.

The vulnerability was originally identified by cybersecurity researcher Dirk-Jan Mollema while preparing for Black Hat and DEF CON presentations earlier this year. His findings showed that undocumented “Actor tokens,” combined with a validation failure in the legacy Azure AD Graph API, could be abused to impersonate any user in any Entra ID tenant, even a Global Administrator.

This meant a token generated in one lab tenant could grant administrative control over others, with no alerts or logs if only reading data, and limited traces if modifications were made.

The design of Actor tokens, as per Mollema, made the problem even worse. These tokens are issued for backend service-to-service communication and bypass normal security protections like Conditional Access. Once obtained, they allowed impersonation of other identities for 24 hours, during which no revocation was possible.

Microsoft applications could generate them with impersonation rights, but non-Microsoft apps would be denied that privilege. Because the Azure AD Graph API lacked logging, administrators would not see when attackers accessed user data, groups, roles, tenant settings, service principals, BitLocker keys, policies, etc.

In his detailed technical blog post, Mollema demonstrated that impersonation worked across tenants because the Azure AD Graph API failed to validate the token’s originating tenant. By changing the tenant ID and targeting a known user identifier (netId), he could move from his own tenant into any other.

With a valid netId of a Global Admin, the door opened to full takeover of Microsoft 365, Azure subscriptions, and connected services. Worse, netIds could be brute forced quickly, or in some cases, retrieved from guest account attributes in cross-tenant collaborations.

“The demo video shows how Actor tokens can be used within a single tenant, though the same method could have been applied across tenants through this vulnerability.”  

Microsoft rolled out a global fix on July 17, just three days after the initial report and later added further mitigations that block applications from requesting Actor tokens for the Azure AD Graph. The company said no evidence of exploitation was found in its internal telemetry. On September 4, the vulnerability was officially catalogued as CVE-2025-55241.

Security professionals, however, say the issue exposes broader concerns about trust in cloud identity systems. Anders Askasan, Director of Product at Radiant Logic, argued that “This incident shows how undocumented identity features can quietly bypass Zero Trust.”

_“_Actor tokens created a shadow backdoor with no policies, no logs, no visibility, undermining the very foundation of trust in the cloud. The takeaway is clear: vendor patching after the fact simply isn’t enough,” he added.

_“_To reduce systemic risk, enterprises need independent observability across their entire identity fabric, continuously correlating accounts, entitlements, and policies,_“_ he advised. “Organisations need a trusted, vendor-agnostic view of their identity data and controls, so they can validate in real time and act before an adversarial incursion escalates into a breach that’s almost impossible to unwind.”

Source

HackRead