UNC6395 Expands Data Theft Campaign to Email OAuth Tokens
Google researchers discovered the new attacks and are advising all customers to treat any authentication tokens for those integrations as compromised.
Archives for August 2025
All topics
Articles
10 Posts
US Gov Links Private Chinese Firms to Salt Typhoon Hacks
Salt Typhoon has not been observed exploiting zero-day flaws, but instead targeting known bugs in exposed network edge devices - some of which are years old.
Citrix CVE-2025-7775 Under Active Attack
The vulnerability (CVE-2025-7775) is a buffer overflow that can lead to remote code execution and attackers were already targeting it before the public disclosure.
DoJ Seizes $2.8M Linked to Zeppelin Ransomware
The DoJ raked back $2.8 million in crypto, as well as cash and a stolen vehicle, belonging to an alleged operator of the Zeppelin ransomware.
CISA, Microsoft Warn of Exchange CVE-2025-53786 Risk
CISA has issued an emergency directive regarding the recently disclosed and somewhat weird vulnerability in Microsoft Exchange hybrid deployments (CVE-2025-53786), ordering all civilian federal agencies to address the flaw by Aug. 11.
The Emerging Ecosystem Dedicated to AI Accountability
A new ecosystem of security researchers is emerging, looking to sniff out data security and privacy issues in AI systems and grappling with issues like a lack of transparency into and understanding of LLMs.