Security
Headlines
HeadlinesLatestCVEs

Tag

#web

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.

Krebs on Security
#vulnerability#web#google#microsoft#amazon#git#intel#aws#auth#ssl#blog
Hidden Commands in Images Exploit AI Chatbots and Steal Data

Hidden commands in images can exploit AI chatbots, leading to data theft on platforms like Gemini through a…

⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combining stolen access, unpatched software, and clever tricks to move from small entry points to large

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber challenges. In fact, over 80% of security incidents now originate from web applications accessed via Chrome, Edge, Firefox, and other browsers. One particularly fast-evolving adversary, Scattered Spider, has made it their mission to wreak havoc on enterprises by specifically targeting

Amazon Disrupts Russian APT29 Watering Hole Targeting Microsoft Authentication

Amazon has disrupted a Russian APT29 watering hole campaign that used compromised sites to target Microsoft authentication with…

Travelers to the UK targeted in ETA scams

Some scammers are selling ETA documents at exaggerated prices, and others are after your personal and financial data.

Feds Seize VerifTools.Net, Operators Relaunch with VerifTools.com

Authorities in the United States and the Netherlands have seized VerifTools, a marketplace selling fake IDs for cybercrime.…

WhatsApp 0-Day Exploited in Attacks on Targeted iOS and macOS Users

WhatsApp has patched a critical 0-day (CVE-2025-55177) that allowed zero-click spyware attacks on iOS and Mac users. The…

Hackers Exploit CrushFTP Zero-Day to Take Over Servers

WatchTowr Labs uncovers a zero-day exploit (CVE-2025-54309) in CrushFTP. The vulnerability lets hackers gain admin access via the…

SSA Whistleblower’s Resignation Email Mysteriously Disappeared From Inboxes

Less than 30 minutes after the Social Security Administration’s chief data officer resigned following a whistleblower complaint, recipients could no longer access the resignation email.