When OAuth Tokens Turn Toxic: How ShinyHunters Exploited Gainsight to Steal Data from 200+ Companies
In a troubling development for cloud security, threat actors tied to ShinyHunters claim they have accessed sensitive Salesforce data from more than 200 organizations, by exploiting a third-party integration with Gainsight. This incident underscores the rising danger posed by supply-chain attacks on SaaS ecosystems. What Happened According to Google’s Threat Intelligence team, malicious actors gained access to Salesforce […]
Critical Oracle E-Business Suite Zero-Day Exposed in Clop Ransomware Attack on Broadcom
In a worrying turn of events, the notorious Clop ransomware group has reportedly breached Broadcom’s systems by exploiting a critical zero-day vulnerability in Oracle’s E-Business Suite (EBS). This incident underscores how even enterprise-grade ERP platforms can become attack vectors and why organizations must stay vigilant and responsive. What Happened · The vulnerability in question is CVE-2025–61882, which affects […]
When Trusted Sites Turn Malicious: How APT24’s ‘BadAudio’ Is Redefining Cyber Espionage
In a deeply concerning cyber-espionage campaign, a China-linked threat actor known as APT24 has been deploying a previously unknown malware called BadAudio by compromising real, legitimate public websites. The implications for enterprises everywhere are serious and highlight how attackers are constantly innovating their tactics. Here’s a breakdown of what’s happening, why it matters, and how organizations can […]
GenAI Is Empowering Cybercriminals to Create More Believable Scams
Generative AI is not just transforming how we build software and create content it’s also being adopted by cybercriminals to design more convincing social engineering attacks. Today’s scammers are using AI tools to craft phishing messages, fake identity profiles, and even custom voice clones to trick victims out of sensitive information and money. Why GenAI […]
CISA Raises Alarm Over Active Google Chrome 0-Day Exploit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical, actively exploited zero-day vulnerability in Google Chrome. The flaw has been used in real-world attacks, putting users at risk of remote code execution and potential system compromise. What Makes This Chrome Vulnerability Dangerous The vulnerability allows attackers to execute code […]
New 2FA Phishing Kit Uses BitB Technique to Hijack Microsoft Accounts
A sophisticated phishing kit is now targeting Microsoft users, using a method called BitB (Browser-in-the-Browser) to bypass two-factor authentication and steal credentials. This new approach makes the fake login appear as a real pop-up, fooling users who believe they are securely signing into a Microsoft service. What Is the BitB Technique? The BitB technique creates […]