Topic: mandiant investigation

  • Sitecore Zero-Day Exploit Actively Attacked (CVE-2025-53690)

    A critical zero-day vulnerability (CVE-2025-53690) in Sitecore on-premises deployments is being actively exploited, allowing unauthorized access and remote code execution. Attackers leverage a known sample ASP.NET machine key to exploit ViewState deserialization, enabling them to deploy malware, ...

  • State-Sponsored Hackers Breached SonicWall in September

    State-Sponsored Hackers Breached SonicWall in September

    State-sponsored hackers breached SonicWall's cloud environment in September, accessing firewall configuration backup files via an API call, but no products, firmware, or customer networks were compromised. The exposed backup files contained sensitive credentials, prompting SonicWall to advise aff...

  • Salesloft & Drift Breach: How Attackers Infiltrated Systems

    A cybersecurity breach at Salesloft began with unauthorized access to its GitHub account, leading to data theft from customer Salesforce instances via stolen OAuth credentials from the Drift platform. The attack, attributed to threat group UNC6395, targeted sensitive credentials like AWS keys and...

  • Salesforce Probes New Security Incident Similar to Salesloft Breach

    Salesforce is investigating a security incident involving unauthorized access to customer data through Gainsight app integrations, leading to revoked tokens and temporary removal of the apps from AppExchange. Threat actors linked to ShinyHunters compromised Gainsight OAuth tokens to access Salesf...

  • Hackers Exploit Critical Oracle Flaw, CISA Confirms

    CISA has added the critical Oracle E-Business Suite vulnerability CVE-2025-61884 to its Known Exploited Vulnerabilities catalog, confirming active exploitation and mandating federal agencies to patch by November 10, 2025. The vulnerability is an unauthenticated server-side request forgery (SSRF) ...
