KrebsOnSecurity reports: At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn […]
From Texas Attorney General Ken Paxton: Attorney General Ken Paxton filed suit against PowerSchool, a California-based provider of cloud-based services for K-12 schools, after an unprecedented data breach exposed the sensitive personal identifying information and protected health information of more than 880,000 Texas school-aged children and teachers. PowerSchool’s software collects, processes, and secures sensitive information […]
The Guardian reports: A group of English-speaking hackers linked to the Marks & Spencer cyber-attack has claimed responsibility for an attack on Jaguar Land Rover. A channel on the Telegram platform posted a screenshot of what appeared to be the carmaker’s internal IT systems, as well as a news article detailing the hack. The name of […]
Bleeping Computer reports that Palo Alto Networks (PAN) has become another victim of the Salesloft Drift / Salesforce campaign: Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. The company states that it was […]
Updated September 1, 2025: Google issued a warning to all Gmail users, but then responded to headlines suggesting that there was any urgent problem or major security concern. Read Geekspin’s coverage, below, and then Google’s statement from September 1. Cyber threat looms for Gmail users following Salesforce data breach Google has issued a stark warning […]
China’s Salt Typhoon cyberspies hoovered up information belonging to millions of people in the United States over the course of the years-long intrusion into telecommunications networks, according to what a top FBI cyber official told The Register: “There’s a good chance this espionage campaign has stolen information from nearly every American,” Michael Machtinger, deputy assistant […]
The company behind the Claude chatbot said it caught a hacker using its chatbot to identify, hack and extort at least 17 companies. NBC News reports: A hacker has exploited a leading artificial intelligence chatbot to conduct the most comprehensive and lucrative AI cybercriminal operation known to date, using it to do everything from find […]
Customers are targeted through compromised OAuth access tokens from Salesloft Drift integrations. IT Pro reports: Google’s Threat Intelligence Group (GTIG) has revealed that hackers harvested user credentials from Salesforce customers in a widespread campaign during the first half of this month. The attacker, tracked as UNC6395, targeted Salesforce customer instances through compromised OAuth tokens associated […]
TransUnion has mailed out notification letters to more than 4.4 million U.S. persons affected by a breach at a third-party application. In its notification to state attorneys general in Maine and California, TransUnion reported that the incident occurred on July 28, 2025, and they learned of it on July 30, 2025. The attack did not […]
HuffPost reports: Acolytes of former White House adviser Elon Musk ignored privacy warnings and mishandled sensitive Social Security information, according to a whistleblower complaint filed Tuesday. Officials from the so-called Department of Government Efficiency potentially put hundreds of millions of Americans’ sensitive information at risk by copying a critical Social Security database and uploading it to an […]
