You’ve got an important choice to make: HubSpot or Salesforce?

On the surface, both of these leading CRM platforms have a lot to offer, from AI to end-to-end tools covering every customer-facing task. But choosing the right CRM isn’t just about sorting through a checklist of features. Before you invest in Salesforce or HubSpot implementation services, you need to think about how well the system fits with your business. 

By 2032, the CRM software market will be worth more than $262.74 billion. Businesses are doubling down on customer relationships, and for good reason. Acquiring a new customer can cost five times more than keeping an existing one. With buyer journeys now stretching across multiple channels and platforms, keeping track of everything manually is impossible. 

That’s why the right CRM is a crucial catalyst for growth. All you need to decide is whether you should be investing in HubSpot’s intuitive, marketing-first system, or Salesforce’s power-packed, flexible architecture.  

****HubSpot vs Salesforce: A Quick Overview** **

Sometimes, you don’t have the time or energy to sort through endless CRM feature lists. If you want to know quickly how HubSpot and Salesforce stack up against each other, here are the basics: 

**Feature** 

**HubSpot** 

**Salesforce**  

Best for 

Startups, small-to-midsize teams 

Mid-size to large enterprises 

Ease of Use 

Incredibly user-friendly, visual 

Steeper learning curve 

Marketing Features 

Built-in, strong native tools 

Requires add-ons or integrations 

Sales Features 

Pipeline management, sales automation, email tracking, etc 

Enhanced sales forecasting, AI insights, sales automation and lead scoring.  

Customization 

Limited without coding 

Extremely flexible, developer-friendly 

Integrations 

Native integrations + app marketplace 

Extensive AppExchange ecosystem 

AI Capabilities 

AI capabilities with advanced Breeze Agent features  

Einstein AI for deep analytics and Agentforce 

Pricing Model 

Freemium base, scales with needs 

Higher upfront cost, modular pricing 

Support & Resources 

Solid, fast-growing knowledge base 

Comprehensive but sometimes slower 

****What is HubSpot? Key Features & Who It’s For**  **

HubSpot is one of the most user-friendly CRM solutions out there. It’s sleek, focused, and ideal for businesses who want to hit the ground running without spending weeks on training. 

The CRM itself is completely free to start. That alone draws a ton of startups. But that’s just the tip of the iceberg. What makes HubSpot special is its comprehensive approach.  

It has “Hubs” for everything, like the Marketing Hub, Sales Hub, Service Hub, and the very underrated CMS Hub. It’s one of the few platforms where marketing automation, blogging, SEO tools, email campaigns, and lead scoring all live under the same roof. 

You’ll get customizable sales pipelines, email templates, chatbot builders, help desk tools, and even social media scheduling options. The interface is refreshingly visual and straightforward, and most of the time, you won’t need a developer to take advantage of core features.  

Salesforce is ideal for small and mid-sized businesses, scrappy startups, and B2B or SaaS companies that want to unify sales, marketing, and customer support without the stress.  

****What is Salesforce? Core Features & Who It’s For** **

Salesforce is the grand champion of CRM providers, with the biggest market share by far. Salesforce is big. Not just in market share, but in capability. It’s the enterprise-grade CRM juggernaut for teams that want to build exactly what they need, even if that means pulling in developers, consultants, or an entire internal operations team.  

It’s modular, customizable, and endlessly extendable, especially with products like Sales Cloud, Service Cloud, Marketing Cloud, and AppExchange. Features are extensive, ranging from lead tracking to opportunity management, AI-based forecasting with Einstein, automated workflows, case resolution, analytics dashboards and so much more. 

With Agentforce, companies can even tap into the benefits of customizable agentic AI solutions. The issue with Salesforce it isn’t plug-and-play. It takes a lot of effort and expertise to use properly. 

That’s why Salesforce is best suited to larger enterprises and corporations that want real customization opportunities, flexible features, and scale.  

****Salesforce vs HubSpot: Key Feature Showdown** **

Comparing Salesforce and HubSpot can be tricky. While there’s a lot of overlap between them on the surface – they’re still very different. One’s streamlined, agile, and great for beginners. The other is a powerhouse that can crush anything if you’ve got the right people running it. 

Here’s a look at some of the biggest factors side-by-side: 

****Ease of Use** **

HubSpot is cleaner, friendlier, and doesn’t make you feel like you need an IT degree to get going. The menus make sense, the UX is smooth, and the setup is fast. For smaller teams or non-technical users, it’s an ideal choice that leaves unnecessary complexity behind. 

Salesforce is powerful but dense. The interface can be a lot harder to navigate, and getting everything set up and aligned takes a lot of work. For teams with dedicated admins or consultants, that complexity is an asset, allowing for more customization, but for smaller teams, it’s a challenge.  

****Marketing Features** **

HubSpot shines from a marketing perspective. It’s one of the initial inbound marketing pioneers and offers companies tools for email workflows, landing page builders, form tracking, blog hosting, and SEO. The Marketing Hub gives you a full toolkit, with no plugins required. 

Salesforce has its Marketing Cloud, which offers a brilliant selection of tools for companies running multichannel, data-driven campaigns. You get built-in AI to help you personalize strategies and intuitive automation solutions, but there is an extra cost. 

****Sales Features**  **

Both platforms handle sales well but in different ways. HubSpot makes tasks visual and straightforward with drag-and-drop pipelines, activity timelines, call tracking, and email logging. It feels modern and human. 

Salesforce offers more heavyweight tools like opportunity scoring, advanced forecasting, territory management, and role-based access. If your team handles hundreds of leads across multiple regions, Salesforce might be the stronger option.  

****Reporting & Dashboards** **

Salesforce dominates on the data front. You can create insanely detailed reports, cross-object dashboards, and predictive forecasting. But it comes with a steep learning curve, and building reports sometimes requires custom logic or developer support. 

HubSpot offers a solid middle ground. Their dashboards are visual, pre-built templates help non-technical folks a lot, and the custom report builder is intuitive. For most teams, it’s more than enough, unless you’re in data analytics deep-dive mode 24/7. 

****AI and Automation Capabilities** **

HubSpot has strong automation for email workflows, lead nurturing, internal tasks, and custom triggers. You can build smart sequences in minutes. From an AI perspective, you get AI content writers, AI reporting assistants, and Breeze AI agents.  

Salesforce goes deeper with Process Builder and Flow, which let you automate practically anything. But it’s not plug-and-play. It requires someone who knows what they’re doing, or you’ll be staring at a flowchart in confusion. For AI, Salesforce offers a range of Einstein tools, as well as the new Agentforce system for agentic AI.  

****Integration Ecosystem and Customization**  **

HubSpot has a rapidly growing App Marketplace with 1,000+ integrations with tools like Slack, Zoom, Stripe, Shopify, you name it. Most connect in a few clicks, and HubSpot implementation can take minutes, particularly when working with a company like Routine Automation. However, you will be limited when it comes to custom integrations and configurations.  

Salesforce has an incredible AppExchange. If it exists, it probably plugs into Salesforce. But setup isn’t always seamless, and some third-party apps require development work to get humming. You do get exceptional customization options though, without limitations.  

****Pricing & Total Cost of Ownership** **

HubSpot starts with a strong freemium model, so you can grow into it. Pricing scales as you unlock features or add contacts, but it’s transparent and easy to follow.  

Salesforce, on the other hand, has a more complex pricing model. Per-user fees, product-specific costs, and potential integration fees all add up. But if you’re using the full feature set, the value is there. 

****Choosing the Right CRM For You** **

Examining the features of both platforms is just the first step. Before you can make the right decision, you need to ask a few crucial questions:  

1.  **Simplicity vs scalability, which matters most?** If you’re looking for simplicity, HubSpot is the obvious winner. However, if you want more advanced features, customization options, and scalability, Salesforce is the better choice. You’ll just need help managing the learning curve. 
2.  **What do your workflows look like?** If your reps live in their inbox and need a fast way to log calls and deals, choose HubSpot. If they’re juggling accounts across regions, reporting up to five different people, pick Salesforce. 
3.  **How much do you need to integrate?** Salesforce is virtually limitless when it comes to integration options. HubSpot offers fewer options, so if you’ve got a complicated tech stack already, you might want to consider Salesforce. 
4.  **How much support do you need?** Are you looking for end-to-end documentation, training, and a large consultant network? Salesforce could be the better bet. HubSpot has great self-help resources too, but they’re not always as in-depth. 
5.  **What’s your Budget?** HubSpot grows with you, cost-wise. Salesforce can be a heavy initial investment, but might pay off fast if you’re scaling rapidly and need those deep analytics. 

Beyond all that, remember to think about your specific needs. What kind of security and compliance standards do you need to adhere to? Should your tools be mobile-accessible? Are there any industry-specific features that matter to you? 

****Implementing HubSpot or Salesforce the Right Way** **

HubSpot or Salesforce? The right answer depends less on which has the flashiest features and more on which one fits your team. One’s built for speed, simplicity, and marketing-driven growth. The other is a customizable powerhouse for complex workflows and big-picture visibility. 

The truth is, the results you get from either CRM, Salesforce or HubSpot, depend on how you set your technology up. Implementation matters. And doing it right doesn’t just mean turning things on. You’ll need to configure pipelines to match your sales processes, automate the right tasks, set up dashboards, and make sure everything is aligned.  

This is where a partner steps in. Someone who understands not just the tools, but how to make them work for your team. Don’t just pick a CRM platform and hope for the best. Make sure your technology works for you, with the right implementation partner.  

(Image by TyliJura from Pixabay)

HubSpot vs Salesforce: Which CRM Fits Your Business? 

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with…

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with notable achievements in cybersecurity research. A total of $695,000 has been awarded for 39 unique **zero-day vulnerabilities**, with the final day scheduled for Saturday, May 17.

****Day One: Major Exploits and AI Category Debut****

On May 15, the competition commenced with 11 exploit attempts, including the first-ever AI category. Researchers earned $260,000 for successful demonstrations across various platforms.

****Key Highlights:****

*   **Windows 11:** Chen Le Qi of STAR Labs SG combined a use-after-free and integer overflow to escalate privileges to SYSTEM, earning $30,000 and 3 Master of Pwn points.

*   **Red Hat Linux**: Pumpkin from the DEVCORE Research Team exploited an integer overflow for privilege escalation, securing $20,000 and 2 points.

*   **Oracle VirtualBox:** Team Prison Break achieved a virtual machine escape via an integer overflow, receiving $40,000 and 4 points.

*   **Docker Desktop:** Billy and Ramdhan of STAR Labs demonstrated a container escape using a Linux kernel vulnerability, earning $60,000 and 6 points.

*   **AI Category:** Sina Kheirkhah of Summoning Team exploited the Chroma AI application database, marking the first success in this category and earning $20,000 and 2 points.

Additional awards were given for other successful exploits, including a type confusion bug in Windows 11 by Hyeonjin Choi of Out Of Bounds, who earned $15,000 and 3 points.

****Day Two: Continued Success and High-Value Exploits****

The second day, May 16, saw researchers uncovering 20 unique zero-day vulnerabilities, resulting in $435,000 in awards.

*   **Microsoft SharePoint:** Dinh Ho Anh Khoa of Viettel Cyber Security combined an authentication bypass and insecure deserialization to exploit SharePoint, earning $100,000 and 10 points.

*   **VMware ESXi:** Synacktiv demonstrated a successful exploit, securing $80,000 and 8 points.

*   **NVIDIA Triton Inference Server:** Mohand Acherir and Patrick Ventuzelo of FuzzingLabs earned $15,000 and 1.5 points for their exploit, which was a known but unpatched vulnerability.

Other successful exploits included attacks on Firefox, Redis, and additional AI systems.  
SecurityWeek

> Wrapping up Day Two of #Pwn2Own Berlin 2025. We’ve awarded $695,000 for 20 unique 0-days, with one more day to go! pic.twitter.com/x2oBfaSfKS
> 
> — Trend Zero Day Initiative (@thezdi) May 16, 2025

****Day Three: Anticipated Final Challenges****

The final day, Saturday, May 17, is expected to feature remaining scheduled attempts, including further AI category exploits and other high-profile targets. With $695,000 already awarded, the total prize pool is projected to surpass $1,000,000.

****Master of Pwn Standings****

As of the end of Day Two, STAR Labs SG leads the Master of Pwn standings, having demonstrated multiple successful exploits across various categories. The final standings will be determined after the conclusion of Day Three.

Pwn2Own Berlin 2025 has showcased the growing **challenges in cybersecurity**, highlighting the importance of proactive vulnerability research. The introduction of the AI category reflects the growing focus on securing emerging technologies.

_Note: The above information is based on the latest available data from the Pwn2Own Berlin 2025 event. For detailed results and updates, refer to the Zero Day Initiative’s **official blog**._

Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked

Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote…

Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote code execution, warns watchTowr.

Cybersecurity researchers at watchTowr have shared details of two security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, identified as CVE-2025-4427 and CVE-2025-4428 that can be combined to gain complete control over affected systems and are actively exploited by attackers.

Ivanti EPMM is a Mobile Device Management (MDM) solution system, crucial for enterprise security, acting as a central point to control software deployment and enforce policies on employee devices. However, the abovementioned flaws are turning this management tool into a potential entry point for malicious actors. watchTowr’s analysis, shared with Hackread.com, indicates that exploiting these vulnerabilities is surprisingly straightforward.

****Chained Exploits Lead to Full System Compromise****

The first vulnerability, CVE-2025-4427, is an authentication bypass flaw, which allows attackers to access protected parts of the Ivanti EPMM system without needing proper login credentials. The second vulnerability, CVE-2025-4428, is a remote code execution (RCE) flaw, which, if exploited, can let attackers run their own malicious code on the server.

Ivanti itself has acknowledged the severity when these issues are combined, stating that “successful exploitation could lead to unauthenticated remote code execution.” They have also reported awareness of a “very limited number of customers who have been exploited” since the vulnerabilities were disclosed.

This suggests that while the attacks might be targeted currently, they could become more widespread. watchTowr notes that once such targeted attacks become public, it’s common for attackers to start mass exploitation to find any remaining vulnerable systems.

Interestingly, Ivanti stated that the vulnerabilities are not in their own code but are “associated with two open-source libraries integrated into EPMM.” They emphasized that using open-source code is a standard practice in the tech industry.

****Technical Details and Exploitation****

watchTowr discovered an RCE vulnerability (CVE-2025-4428) in the hibernate-validator library, allowing attackers to inject malicious code through a parameter called “format” in API requests. watchtower successfully demonstrated this vulnerability by sending a simple web request that executed a calculation, proving code injection was possible. Moreover, they could execute system commands, like creating a file on the server.

The authentication bypass (CVE-2025-4427) is an “order of operations” issue rather than a traditional bypass. A crafted “format” parameter in a request to the /api/v2/featureusage_history endpoint triggers the vulnerable validation process before the authentication check, allowing an unauthenticated attacker to trigger the code execution vulnerability. The presence of the parameter changes the processing order, eliminating the need to log in first.

watchTowr successfully chained these two vulnerabilities in the Ivanti EPMM server by sending a crafted web request to the /rs/api/v2/featureusage endpoint with a malicious “format” parameter, allowing them to execute system commands without logging in, thus, creating a pre-authenticated RCE scenario.

These vulnerabilities pose a critical risk to organizations using affected versions. Patches are available for versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0 and organizations using older unpatched versions are advised to update immediately

Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities

ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine…

ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine hacktivist group is behind the attack on the PyPI repository especially those used by Russian developers.

Cybersecurity researchers at ReversingLabs (RL) have discovered a new malicious Python package, named dbgpkg, that masquerades as a debugging tool but instead installs a backdoor on developers’ systems. This backdoor allows attackers to run malicious code and steal sensitive information. By analysing the techniques used, RL suspects a hacktivist group known for targeting Russian interests in support of Ukraine may be involved.

****Sophisticated Backdoor Uses Sneaky Python Tricks****

Reportedly, the dbgpkg package, detected on Tuesday by the RL threat research team, contained no actual debugging features. Instead, it was designed to trick developers into installing a backdoor, effectively turning their development machines into compromised assets.

What made “dbgpkg” particularly noteworthy was its sophisticated method of implanting the backdoor. Upon installation, the package’s code cleverly modifies the behaviour of standard Python networking tools (_requests_ and _socket_ modules) using a technique called “function wrapping” or “decorators.” This allows the malicious code to remain hidden until these networking functions are used by the developer.

Source: ReversingLabs

As per RL’s investigation, shared with Hackread.com, the malicious wrapper code first checks for a specific file, likely to see if the backdoor is already present. If not, it executes three commands. The first downloads a public key from the online Pastebin service.

The second installs a tool called Global Socket Toolkit, designed to bypass firewalls, and uses the downloaded key to encrypt a secret needed to connect to the backdoor. The third command then sends this encrypted secret to a private online location. This multi-stage process, along with using function wrappers on trusted modules, makes the malicious activity harder to detect.

****Links to Previous Pro-Ukraine Activity****

RL researchers found similarities between the dbgpkg backdoor and malware previously employed by the Phoenix Hyena hacktivist group, which has been active since 2022 and is known for targeting Russian entities.

This group typically steals and leaks confidential information on their Telegram channel “DumpForums.” One notable incident linked to this group was the alleged breach of the Russian cybersecurity firm Dr. Web in September 2024.

Another similarity was an earlier malicious package involved in the same campaign, discordpydebug (discovered in early May by Socket), which had the same backdoor as an earlier version of dbgpkg. Discordpydebug, posing as a debugging tool for Discord bot developers, was uploaded shortly after Russia invaded Ukraine in March 2022. Another package, requestsdev, also part of this campaign and uploaded by the same likely impersonated author (\[email protected\], mimicking popular developer Cory Benfield), contained the same malicious payload.

However, RL researchers couldn’t definitively attribute this campaign to Phoenix Hyena based on backdooring techniques as it could be a copycat’s work too. Nevertheless, the timeline of related malicious packages suggests a politically motivated operation by a persistent threat actor.

“And, with a campaign driven by geopolitical tensions and the continuing hostility between Russia and Ukraine, RL researchers believe that more malicious packages are almost certain to be created as part of this campaign,” researchers concluded.

Pro-Ukraine Group Targets Russian Developers with Python Backdoor

Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity…

Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity experts have warned.

The notorious cybercriminal group Scattered Spider is now actively targeting retail companies in the United States, following a string of disruptive attacks against similar businesses in the United Kingdom.

This warning comes directly from cybersecurity experts at Google Threat Intelligence Group (GTIG) and Google subsidiary Mandiant, who highlight the group’s effectiveness at bypassing even strong security measures.

“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” John Hultquist, Google’s cybersecurity analyst, stated. 

It is worth noting that Scattered Spider (aka UNC3944) is the primary suspect in the recent attacks on UK retain giants Harrods, Co-op, and M&S, but UK’s National Cyber Security Centre (NCSC), Mandiant and Google have not formally attributed them to any specific actor as yet. However, GTIG researchers suggest that the hackers targeting US retailers share similar techniques and procedures as the culprits behind the British incidents.

Researchers noted a _possible_ link between DragonForce ransomware operators and Scattered Spider. The former took responsibility for attempted recent attacks on several UK retailers, using tactics similar to Scattered Spider. Moreover, both were associated with the now\-defunct RaaS platform RansomHub.

However, GTIG could not confirm the link between UNC3944/DragonForce and rising retail data leaks. Still, the increasing presence of retail victims on data leak sites (11% in 2025, up from previous years) suggests that threat actors find this sector attractive due to large PII/financial data holdings and their willingness to pay ransom to maintain transaction processing.

As per Hackread.com’s past reporting, Scattered Spider is a financially motivated threat actor known for using social engineering techniques. They gained notoriety for hacking casino giants MGM Resorts International and Caesars Entertainment in 2023. They initially targeted telecommunications companies for SIM swapping and later started deploying ransomware to extort victims.

They are also known for phishing attempts and MFA bombing, where they bombard targets with multi-factor authentication requests. Typically, UNC3944 goes after established enterprises, specifically organizations with large help desks and outsourced IT departments, as these are more vulnerable to their sophisticated social engineering techniques.

GTIG’s analysis reveals that since early 2023 UNC3944 has targeted a diverse range of sectors, including Technology, Telecommunications, Financial Services, Business Process Outsourcing (BPO), Gaming, Hospitality, Retail, and Media & Entertainment organizations. Geographically, their primary targets have been even more diverse, including the US, Canada, the UK, Australia, Singapore and India.

Image: Google

The Retail & Hospitality ISAC, an information-sharing group that includes major players like Albertsons, Costco, McDonald’s, and Lowe’s, has acknowledged the threat and is working with Google to provide its members with detailed briefings and guidance on how to strengthen their defences against this evolving threat. The warning from Google serves as a clear signal for US retailers to be on high alert and to review their security protocols.

Chad Cragle, CISO at Deepwatch, a San Francisco, Calif.-based AI+Human Cyber Resilience Platform:

_“_Scattered Spider (UNC3944) uses sophisticated social engineering to infiltrate and deploy ransomware. To defend against this group, secure privileged accounts, implement phishing-resistant MFA, and verify every help-desk identity request._“_

_“_Retailers are particularly vulnerable, as they handle large amounts of payment data, manage intricate supply chains, and operate under significant uptime pressure that often encourages ransom payments,_“_ Chad warned. _“_However, organizations with valuable data and critical availability needs are equally at risk._“_

Hackers Now Targeting US Retailers After UK Attacks, Google

Coinbase insider breach: Bribed overseas agents stole user data; company rejects ransom, offers $20M reward, boosts security, and…

Coinbase insider breach: Bribed overseas agents stole user data; company rejects ransom, offers $20M reward, boosts security, and cooperates with law enforcement.

Coinbase, the largest US-based cryptocurrency exchange, has disclosed a major data breach involving bribed overseas customer support agents who stole sensitive customer information. The attackers demanded a $20 million ransom, which Coinbase refused to pay. Instead, the company has offered a $20 million reward for information leading to the arrest and conviction of the perpetrators.

****What Happened****

Cybercriminals targeted Coinbase’s external customer support agents, bribing a small group to access internal systems. These insiders extracted data from less than 1% of Coinbase’s monthly transacting users, including the following:

*   Masked bank account info
*   Some internal Coinbase documents
*   Last 4 digits of Social Security numbers
*   Government ID images (like driver’s licenses)
*   Names, addresses, phone numbers, and emails
*   Account balance snapshots and transaction history

According to Coinbase’s blog, the attackers used the information to impersonate Coinbase support and deceive customers into transferring their cryptocurrency. They then attempted to extort Coinbase for $20 million to prevent the release of the stolen data.

The good news is that the attackers could not get their hands on the following critical information:

*   Login info
*   2FA codes
*   Private keys
*   Coinbase Prime account data
*   Access to any crypto wallets or customer funds

****Coinbase’s Response****

In response to the breach, Coinbase has taken a series of actions aimed at minimizing damage and preventing future incidents. The company refused to pay the $20 million ransom demanded by the attackers and instead set up a $20 million reward fund for information leading to their arrest.

Customers who were deceived into transferring funds as a result of the attack will be reimbursed. To strengthen internal security, Coinbase is opening a new support center in the United States, rolling out enhanced security protocols, and increasing investment in insider threat detection and automated response systems.

The company is also working with law enforcement to press criminal charges against both the internal and external individuals involved. Financially, the breach may cost Coinbase between $180 million and $400 million, and the company’s stock fell 6% following the announcement, reflecting investor concerns.

****Customer Guidance****

Coinbase advises customers to remain alert against phishing attempts and social engineering scams. The company emphasizes that it will never ask for passwords, two-factor authentication codes, or request fund transfers to new addresses. Customers are encouraged to enable withdrawal allow-listing and use hardware-based two-factor authentication for added security.

****Experts Weigh In****

Ishpreet Singh, Chief Information Officer at Black Duck, a Burlington, Massachusetts-based provider of application security solutions, commented on the incident stating, _“_While it’s promising to see that Coinbase isn’t currently planning to pay the $20M ransom, there are steps they can take to ensure further scenarios such as this don’t transpire._“_

_“_I’d recommend implementing just-in-time access controls such as device fingerprinting and session auditing,_“_ he added. _“_Additionally, conducting regular risk reviews and strengthening vendor risk management and oversight can reduce third-party access to personally identifiable information._“_

Jason Soroko, Senior Fellow at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM), also commented on the insider job, stating, _“_Coinbase’s decision to publicly counter-extort with a $20 million bounty is an interesting reversal of the usual playbook, transforming breach response into what could turn into a global manhunt._“_

_“_This move shifts the narrative from victimhood to proactive offence weaponizing transparency and financial incentives against cybercriminals. It also signals to users and adversaries alike that extortion will not quietly succeed, potentially reframing how future attacks may be responded to. Perhaps risk is escalation,_“_ Jasin added. _“_Adversaries may double down or target exchanges with even greater aggression._“_

This story is developing, stay tuned!

Coinbase Customer Info Stolen by Bribed Overseas Agents

Reddit Struggles After Google's New Focus on Expertise

A wave of Google algorithm changes in 2025 has hit Reddit hard, cutting deep into its organic traffic. Although Reddit’s core user base remains stable, the loss of search-driven visitors is affecting the platform’s reach, engagement, and even its financial results.

The search giant’s focus on Expertise, Authoritativeness, and Trustworthiness (E-A-T) standards is fundamentally reshaping who wins and loses in the digital space and Reddit is now feeling the consequences.

****What We Know About the Traffic Drop****

The traffic impact stems from a series of Google updates rolled out throughout early 2025. The updates specifically target low-authority, community-driven content that doesn’t meet newly enforced quality thresholds.

While Reddit has historically been a powerhouse for long-tail search queries, especially for user advice, discussions, and opinions, the latest changes sharply reduced Reddit’s visibility in Google search results.

Threads and subreddits that used to dominate the SERPs for countless queries have seen their rankings plunge, especially when competing against official websites, expert blogs, and high-authority publications.

****Stable Core Users, But Shrinking External Reach****

Despite the drop in organic search traffic, Reddit’s registered users, those who are logged in, have remained active. Internal engagement metrics such as posts, comments, and community participation have not shown a significant decline.

However, the real problem lies with external search visitors, users who find Reddit posts through Google searches without being logged in. This audience is critical because they represent new users, new sessions, and fresh ad impressions that drive advertising revenue.

Without this continuous influx of external traffic, Reddit’s growth engine slows down, and its overall business performance risks stagnation.

****Financial Impact: Fewer Eyes, Lower Revenue****

Reddit’s advertising model heavily relies on page views and session length. With the decline in search-driven visits, the number of ad impressions served across the platform has dropped noticeably.

This is especially concerning at a time when Reddit has been attempting to scale its ad business aggressively and position itself as a major player in digital advertising against giants like Google, Meta, and TikTok.

The bottom line: less traffic from Google means less revenue, fewer opportunities for monetization, and increased financial pressure.

****Google’s E-A-T Standards Are Reshaping the Internet****

At the heart of Reddit’s struggles is Google’s renewed emphasis on E-A-T. The algorithm now systematically prefers content produced by recognizable experts or trustworthy institutions.

Here’s why Reddit was vulnerable:

1.  Moderation standards vary across subreddits.
2.  User-generated content is inherently diverse and unpredictable.
3.  Authority and expertise are not consistently verifiable across posts.

While Reddit excels in community knowledge and crowd-sourced advice, it doesn’t consistently guarantee factual accuracy or expert credibility — two critical factors in Google’s revamped ranking system.

In Google’s new search model, structured, curated, expert-authored content wins.

Anonymous forum discussions lose.

****Why Did This Happen?********User-Generated Content Faces Tougher Scrutiny****

UGC platforms like Reddit depend on quantity and variety, not necessarily structured expertise. However, Google’s 2025 updates elevate quality, not quantity.

Even if a Reddit thread has thousands of comments, it won’t outrank a single authoritative page from a trusted source anymore unless it demonstrates clear expertise and reliability.

****Low-Quality Content and Spam Detection****

Google’s AI-driven systems are now better at detecting low-value discussions, spammy posts, and duplicate advice.

On a platform as large as Reddit, even a small percentage of low-quality content being indexed can damage overall domain-level trust signals, pulling down entire sections of the site in rankings.

In short: Google no longer trusts platforms purely because of volume.

Trust must be earned through consistent quality and verifiable authority.

****What This Means for Reddit****

Reddit’s leadership now faces a strategic crossroads:

1.  Improve content moderation across key subreddits.
2.  Highlight authoritative voices within communities.
3.  Foster partnerships with verified experts and institutions.
4.  Rethink SEO strategies to align with Google’s E-A-T criteria.

Without serious internal changes, Reddit risks continuing to lose search visibility, meaning fewer users, slower growth, and intensified competition from newer platforms that better fit Google’s evolving definition of value.

****Lessons for Other UGC Platforms****

If you operate a platform built on user-generated content, Reddit’s struggle is your warning sign.

Key lessons:

1.  Encourage verified, expert participation in discussions.
2.  Invest in moderation systems to ensure consistent content quality.
3.  Build trust signals into your website architecture (author bios, fact-checking, transparent sourcing).
4.  Diversify traffic sources beyond search engines to protect long-term growth.

The old era of “any content ranks” is over.

Only authentic, high-quality, verifiable content will survive.

“The recent algorithm changes from Google are a clear indication that the digital landscape is evolving, and platforms like Reddit must adapt.

In my experience, user-generated content alone is no longer enough to maintain high search visibility. The algorithm increasingly favours content that is authentic, well-structured, and authoritative.

For platforms that thrive on UGC, like Reddit, the future lies in implementing better content moderation and incorporating expert-driven insights into discussions.

This is not just about adapting to Google’s algorithms, it’s about future-proofing your platform by creating real value for your users.

At Serpzilla, we are advising our clients to focus on building trust and improving content quality to stay competitive in an increasingly demanding digital environment.”

****Conclusion****

Reddit’s situation is a case study of how dramatically Google’s search priorities have shifted. If community-driven platforms fail to evolve, they risk becoming invisible in the modern search prospect.

Trust, authority, and structured expertise are the new keys to visibility.

Those who adapt will grow.

Those who don’t will fade away.

Google Algorithm Slashes Reddit Traffic: What It Means for UGC Platforms

A new wave of attacks uses PowerShell and LNK files to secretly install Remcos RAT, enabling full remote…

A new wave of attacks uses PowerShell and LNK files to secretly install Remcos RAT, enabling full remote control and surveillance of infected systems.

Cybersecurity experts at the Qualys Threat Research Unit (TRU) have recently uncovered a sophisticated cyberattack that utilizes the scripting language PowerShell to secretly install Remcos RAT (Remote Access Trojan).

This method allows attackers to operate undetected by many traditional antivirus programs because the malicious code runs directly in the computer’s memory, leaving very few traces on the hard drive. 

For your information, Remcos RAT is a powerful tool that cybercriminals use to gain complete control over infected computers. Once installed, it allows them to spy on victims, steal data, and perform other harmful actions.

According to the Qualys TRU analysis, the attack begins when a user opens a harmful file inside a ZIP archive, new-tax311.ZIP, which contains a shortcut file ‘new-tax311.lnk.’ Clicking this .LNK file doesn’t open a normal program. Instead, it uses a Windows tool called ‘mshta.exe’ to run a confusing (obfuscated) PowerShell script.

This script prepares the computer to get infected with Remcos RAT. First, it tries to weaken Windows Defender by telling it to ignore the “C:/Users/Public/” folder. It also changes PowerShell settings to allow unsafe scripts to run without warning and tries to run secretly. To make sure the Remcos RAT starts every time the computer is turned on, the script adds information to the Windows Registry.

Attack Flow (Source: Qualys TRU)

The script also downloads several files to the "C:/Users/Public/" folder. One might be a fake harmless file like pp1.pdf. It also downloads two key files: 311.hta (set to run at start-up and similar to ‘xlab22.hta’) and ‘24.ps1.’ The ‘24.ps1 file is the main, hidden PowerShell script that contains the Remcos RAT. This script uses special Windows functions (Win32 APIs) to load and run Remcos RAT directly in the computer’s memory, avoiding detection by file-based security.

The Remcos RAT TRU researchers analysed is a 32-bit V6.0.0 program designed to be stealthy and give attackers control over infected computers. It is a modular design, which means it has different parts that can perform different tasks. The program also stores encrypted data, which it decrypts when needed. 

This encrypted data contains the remote server’s address that it connects to (readysteaurantscom on port 2025 using a secure connection called TLS), the malware’s name (Remcos), and a special code (Rmc-7SY4AX) it uses to identify if the computer is already infected.

Remcos can perform various harmful actions, including keylogging, copying clipboard content, taking screenshots, recording from microphones and webcams, and stealing user information. It also tries to prevent security programs from analysing it.

In their research, Qualys TRU team emphasized that users should activate PowerShell logging and AMSI monitoring (a Windows feature that helps detect malicious scripts) to be turned on, and to use a strong EDR (Endpoint Detection and Response) solution for better protection.

In a comment to Hackread.com, Xiaopeng Zhang, IPS Analyst and Security Researcher with Fortinet’s FortiGuard Labs, stated _“_The attackers behind Remcos are evolving their tactics. Instead of exploiting the CVE-2017-0199 vulnerability through malicious Excel attachments, they now use deceptive LNK files disguised with PDF icons to lure victims into executing a malicious HTA file._“_

Xiaopeng warned that _“_PowerShell continues to play a role in the campaign. However, the latest variant adopts a fileless approach, using PowerShell to parse and execute Remcos directly in memory via the CallWindowProc() API. This marks a shift from previous methods, where Remcos was downloaded as a file before execution._“_

Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts

FrigidStealer malware targets macOS users via fake browser updates, stealing passwords, crypto wallets, and notes using DNS-based data…

FrigidStealer malware targets macOS users via fake browser updates, stealing passwords, crypto wallets, and notes using DNS-based data theft methods.

A known strain of macOS malware known as FrigidStealer is targeting Apple users through convincing fake browser update prompts. First spotted in February 2025, and reported by Hackread.com, this variant is part of the Ferret malware family and has already impacted users across North America, Europe, and Asia.

The malware strain has been linked to TA2726 and TA2727, both known for using fake browser updates as an attack vector. It has also been connected to a surge in infections across public-facing industries, particularly retail and hospitality.

The malware operates by tricking users into downloading a disk image file (DMG) disguised as a Safari update. Once the file is installed, it bypasses Apple’s Gatekeeper protections by prompting the user to enter their password, exploiting built-in AppleScript functionality. The malware then installs a malicious app with the bundle ID com.wails.ddaolimaki-daunito, which helps it blend in with legitimate applications.

Once active, FrigidStealer begins collecting sensitive data, including browser credentials, system files, cryptocurrency wallet information, and even Apple Notes. This data is then exfiltrated to a command-and-control server through DNS queries that are routed via macOS’s mDNSResponder. After stealing and sending the data, the malware terminates its own process to reduce the chances of detection.

According to Wazuh, an open-source cybersecurity firm that identified FrigidStealer and shared its technical report with Hackread.com, noted that this malware doesn’t rely on traditional exploit kits or vulnerabilities. Instead, it takes advantage of user trust in system notifications and browser update prompts. This approach makes it more dangerous, as it requires less technical sophistication on the attacker’s part while still being highly effective.

What sets FrigidStealer apart is its use of macOS-specific behaviours to remain persistent. It registers itself as a foreground application via launchservicesd, interacts with the system through unauthorized Apple Events communication, and deletes traces of itself post-execution. Logs from Apple’s Unified Logging System (ULS) show that the malware uses legitimate process names and services to stay hidden.

If you’re on macOS, keep in mind that attackers are getting smarter about how they trick people. They’re combining clever scams with knowledge of how the system works to sneak past standard security. Even with protection in place, the first step of the attack often comes down to someone clicking a link or trusting a fake update prompt.

Therefore, users are urged to avoid installing software updates from unexpected prompts or third-party sites. Updates should always come directly from official sources such as the Mac App Store or the system’s own Software Update tool.

FrigidStealer Malware Hits macOS Users via Fake Safari Browser Updates

Credential protection is key to preventing breaches. Secure APIs, rotate secrets and train devs to handle credentials safely…

Credential protection is key to preventing breaches. Secure APIs, rotate secrets and train devs to handle credentials safely and efficiently.

Your organization’s security hinges on how well you handle credentials. In today’s threat infrastructure, a single compromised password or API key can lead to **large-scale breaches**, impacting millions and costing billions.

While you might think your current practices suffice, the evolving nature of cyber threats demands a thorough approach to credential management that starts with education and extends through every layer of your organization.

****The High Stakes of Credential Security****

For developers, the secure handling of credentials is a critical responsibility. You’re not just protecting strings of characters – you’re safeguarding your organization’s crown jewels.

High-profile breaches often trace back to compromised credentials, whether through insider threats or external attacks. A single **exposed API key** or database password can cascade into a devastating security incident. Your team’s handling of sensitive access data directly impacts compliance requirements and determines success in security audits.

You need the freedom to innovate and move quickly, but this freedom must be balanced with credential security practices. The stakes are simply too high – your organization’s reputation, customer trust, and financial stability all depend on getting this right.

****Laying the Foundation: Education and Awareness****

As a developer, recognizing that poor credential handling can lead to catastrophic breaches is crucial. You’re a critical line of defence in your organization’s security posture, with the power to either protect or inadvertently expose sensitive credentials through your daily coding practices.

****Understanding the Risks****

Before development teams can effectively protect sensitive credentials, they must understand what’s at stake. When credentials fall into the wrong hands, the consequences can be devastating – from data breaches and financial losses to regulatory penalties and reputational damage. To mitigate these risks, organizations increasingly rely on **secret detection tools** that can identify and prevent the accidental exposure of credentials in code repositories and other vulnerable areas.

Credential leakage consequences often cascade throughout organizations, affecting multiple systems and exposing sensitive customer data. Insider threat vulnerabilities pose a particular challenge, as trusted employees with legitimate access can misuse or expose credentials either accidentally or intentionally. This is why implementing proper security measures, including automated secrets detection, is crucial for maintaining the integrity of your systems and protecting sensitive information.

****The Developer’s Role in Security****

The foundation of secure credential handling begins with developers recognizing their unique position as the first line of defence. You’re not just writing code – you’re building the walls that protect sensitive data from breaches and attacks.

Your role demands mastery of secure coding practices and an understanding of how credentials flow through your applications. By incorporating threat modelling into your development process, you’ll identify vulnerabilities before they become exploitable weaknesses.

****Regular Training and Refreshers****

While technical controls form the backbone of credential security, regular training serves as the essential catalyst for lasting behavioural change. Implement an updated training program that keeps security awareness fresh and engaging through varied approaches. Consider rotating between credential workshops, phishing simulations, and targeted security newsletters that address emerging threats.

Make training relevant by incorporating **real-world examples** and recent security incidents that resonate with your teams’ daily work. Run incident response drills that specifically focus on credential compromise scenarios, allowing developers to practice their response in a safe environment.

****Setting the Rules: Clear Guidelines and Policies****

Establish thorough guidelines that clearly define how your teams should handle, store, and manage credentials throughout the development lifecycle. Your policies must address specific practices for password complexity, API key rotation, encryption standards, and access controls that align with industry best practices and compliance requirements.

****Defining Acceptable Practices****

Clear boundaries serve as the foundation for secure credential-handling practices. Your team needs well-defined policies that balance security requirements with operational efficiency. When establishing these guidelines, focus on implementable standards that protect sensitive data without creating unnecessary friction.

1.  Implement credential rotation strategies and secure access protocols that align with industry standards while maintaining your team’s agility to deploy and iterate quickly.
2.  Establish clear incident response planning procedures that empower developers to act swiftly when security issues arise, without fear of repercussion for reporting concerns.
3.  Design compliance audit processes that validate security practices while respecting developer autonomy, ensuring teams can innovate within secure boundaries.

****Password Management Best Practices****

Strong password management is key to keeping credentials secure. Set clear password rules that strike a good balance between security and ease of use, so your team can stay productive without lowering protection. Also, put reasonable expiration policies in place to make sure passwords get updated regularly, but without slowing down the work.

Establish user access controls that limit credential exposure based on role and project requirements. Define who can access what, when, and under which circumstances. Your incident response plans must outline immediate steps to take when credential compromises occur.

****API Key and Secret Handling****

Every API key and secret in your organization requires rigidly defined handling procedures to prevent unauthorized access and potential breaches. While maintaining security might feel restrictive, clear guidelines give you more freedom to innovate without worrying about credential leaks or **API vulnerabilities**.

1.  Document your handling procedures in an accessible security policy that outlines best practices for storing, sharing, and rotating API credentials – this shields you from compliance headaches while protecting sensitive data.
2.  Implement automated security audits to detect exposed secrets in code repositories and alert relevant team members immediately when issues arise.
3.  Create an emergency response plan that empowers you to quickly revoke and replace compromised credentials without bringing development to a halt.

****Tools of the Trade: Secure Credential Management Solutions****

Strong and reliable tools are essential to implement secure credential management at scale, starting with centralized secret management systems and encrypted vaulting solutions that eliminate risky practices like hardcoding credentials. Prioritize platforms that automate key generation and rotation while providing thorough audit trails and access controls.

****Centralized Secret Management Systems****

A centralized secret management system forms the cornerstone of any enterprise-grade credential security strategy. When you implement such a system, you’re taking control of your organization’s most sensitive assets while enabling your teams to work efficiently and securely.

1.  Establish centralized access controls and user permissions that adapt to your team’s needs, ensuring developers can access only the credentials they require while maintaining operational flexibility.
2.  Create extensive audit trails that track every credential access attempt, empowering your security team to detect and respond to potential threats in real time.
3.  Enable rapid incident response capabilities through automated credential rotation and revocation, protecting your systems even when breaches occur.

****Vaulting and Encryption Solutions****

Modern credential vaulting and encryption solutions provide essential safeguards against unauthorized access and data breaches. When evaluating secret management tools, focus on platforms that offer credential vaulting techniques and support industry-leading encryption standards comparison capabilities.

Your solution should enable automated credential rotation to minimize exposure risks and reduce manual intervention. Look for features that integrate seamlessly with your existing development workflows while maintaining strict access controls.

****Integrating Security into the Workflow****

Embed security practices throughout your SDLC, ensuring credential protection becomes second nature rather than a burdensome add-on. Your **development workflow** should include automated security scans that detect exposed credentials and configuration issues before they reach production. Code reviews must explicitly verify proper credential handling, with senior developers coaching junior team members on security best practices.

****Secure Development Lifecycle (SDLC) Integration****

Successful integration of security practices into the development lifecycle requires three critical shifts in how teams approach credential handling. Transform your organization’s mindset from viewing security as a barrier to seeing it as an enabler of innovation and trust.

1.  Implement secure integration strategies that empower your teams to move fast while maintaining credential protection – letting developers focus on creating value without compromising security.
2.  Foster development team collaboration through shared responsibility models, where every team member becomes a guardian of sensitive credentials.
3.  Establish continuous security assessment protocols alongside credential lifecycle management to proactively identify and address vulnerabilities before they become threats.

By following these guidelines and encouraging a security-first mindset, your team can lower the risk of credential-related issues while still giving developers the flexibility to work efficiently and safely.

Source

HackRead