
Daily Cybersecurity Roundup, August 28, 2025

Cyber adversaries continue to push boundaries with new tactics, targeting enterprises and critical infrastructure worldwide. A large-scale data theft campaign has hit Salesforce environments, with threat actor UNC6395 using compromised OAuth tokens tied to the Salesloft Drift app. Meanwhile, the Nx build system became the target of "s1ngularity," the first known AI-powered supply chain attack. CISA has issued an advisory warning that Chinese state-backed actors are exploiting vulnerabilities across global telecom, government, and critical infrastructure networks to maintain long-term, covert access. Read on for the latest developments in cybersecurity.

01

A widespread data theft campaign targeting Salesforce instances was carried out using compromised OAuth tokens associated with the Salesloft Drift application. The actor, UNC6395, exported large volumes of data from corporate Salesforce instances.

02

Attackers exploited a vulnerable CI workflow in the widely used Nx build system to launch "s1ngularity," the first known supply chain attack to use AI tooling, publishing malicious versions of the nx packages to npm that stole credentials, exfiltrated data, and compromised developer pipelines.

03

A cybercrime campaign is distributing a trojanized PDF editor, AppSuite PDF Editor, containing malware named TamperedChef to steal sensitive information, including credentials and web cookies.

04

Cephalus ransomware gains initial access through exposed RDP endpoints that lack MFA, then uses DLL sideloading to load its payload, disables recovery options and antivirus defenses, and appends a .sss extension to the files it encrypts.

05

The CISA advisory warns that Chinese state-sponsored cyber threat actors are targeting global networks, including telecommunications, government, and critical infrastructure, by exploiting known vulnerabilities and using various techniques to maintain persistent access.

06

Cisco disclosed a high-severity vulnerability (CVE-2025-20241) in Nexus 3000 and 9000 Series switches that could be exploited with crafted IS-IS packets to cause a denial-of-service (DoS) condition. Because IS-IS runs directly over Layer 2 rather than IP, exposure is limited to attackers on an adjacent network segment, but affected switches should still be patched.

07

FreePBX servers are being targeted by attackers exploiting a zero-day vulnerability in systems whose Administrator Control Panel (ACP) is exposed to the internet. Sangoma has released an emergency EDGE module fix and plans a full security update shortly; until then, the ACP should not be reachable from untrusted networks.

08

Researchers have disclosed a Zip Slip vulnerability, a form of path traversal during archive extraction in which entry names containing "../" components are written outside the intended destination directory, letting an attacker create or overwrite files at arbitrary locations when the archive is extracted.
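To make the Zip Slip pattern concrete, the following is an added example written for this roundup (it is not code from the affected product or from the researchers who reported the issue). It builds a constructed sample archive with one entry named `../../evil.txt`, shows a hand-rolled extraction loop that writes that entry two directories above the destination, and beside it a hardened extractor that resolves every entry name against the destination root and rejects the whole archive before writing anything. The function and file names are illustrative assumptions.

```python
"""Zip Slip: a vulnerable extraction loop beside a hardened one (added example)."""
import io
import os
import zipfile
from typing import List


def build_sample_zip() -> bytes:
    """Build an archive in memory with one benign entry and one entry whose
    name climbs out of the extraction directory. Constructed sample input
    for this example, not an archive from any reported incident."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content")
        zf.writestr("../../evil.txt", "attacker-controlled content")
    return buf.getvalue()


def naive_extract(data: bytes, dest: str) -> List[str]:
    """Vulnerable pattern: joins the untrusted entry name onto dest and writes.
    An entry named ../../evil.txt lands two directories above dest."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def entry_escapes(dest_root: str, name: str) -> bool:
    """True if an archive entry name would resolve outside dest_root.
    Absolute names, drive letters and any '..' components are caught by
    resolving the joined path and comparing it against the root."""
    root = os.path.realpath(dest_root)
    if os.path.isabs(name) or os.path.splitdrive(name)[0]:
        return True
    target = os.path.realpath(os.path.join(root, name))
    # commonpath compares whole path components, so /srv/x does not
    # accidentally accept /srv/xyz the way a string-prefix check would.
    return os.path.commonpath([root, target]) != root


def safe_extract(data: bytes, dest: str) -> List[str]:
    """Hardened extraction: validate every entry name before writing anything,
    so a single hostile entry rejects the whole archive instead of leaving a
    partially extracted tree behind."""
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        for info in infos:
            if entry_escapes(root, info.filename):
                raise ValueError(f"archive entry escapes destination: {info.filename!r}")
        for info in infos:
            target = os.path.realpath(os.path.join(root, info.filename))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(target)
    return written


def run_demo() -> dict:
    """Run both extractors against the sample archive inside a fresh temporary
    directory and report where the files ended up."""
    import tempfile

    outer = tempfile.mkdtemp()
    naive_dest = os.path.join(outer, "naive", "dest")
    safe_dest = os.path.join(outer, "safe", "dest")
    os.makedirs(naive_dest)
    os.makedirs(safe_dest)
    data = build_sample_zip()
    naive_written = naive_extract(data, naive_dest)
    try:
        safe_extract(data, safe_dest)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    return {
        # ../../evil.txt relative to outer/naive/dest resolves to outer/evil.txt
        "naive_escaped": os.path.isfile(os.path.join(outer, "evil.txt")),
        "naive_written": naive_written,
        "safe_rejected": safe_rejected,
        "safe_dest_empty": os.listdir(safe_dest) == [],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Python's own `ZipFile.extractall` already strips such components from entry names; the hazard is the hand-rolled loop shown in `naive_extract`, which reads entries and writes them itself, and equivalent loops in other ecosystems. Validating all entries before writing any (rather than checking each entry as it is written) also avoids leaving a half-extracted tree behind when the hostile entry is not the first one.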

09

CrowdStrike announced its acquisition of Onum, a Spanish startup specializing in real-time telemetry pipeline technology, for $290 million.

10

Okta plans to acquire Axiom Security, a privileged access management startup, to extend its privileged access capabilities to databases, Kubernetes clusters, and just-in-time access.
