The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise: On August 26, the company publicly revealed that earlier that month, a threat actor exfiltrated data from their customers’ Salesforce instances by leveraging stolen OAuth credentials that enable the integration of their Drift (Salesloft) chatbot with said instances. Google Threat Intelligence Group attributed the...| Help Net Security
Top cybersecurity conferences are introducing new rules that require researchers to formally address ethics in their work. Starting with the 2026 USENIX Security Symposium, all submissions must include a stakeholder-based ethics analysis. Other major venues such as IEEE Security and Privacy, and ACM CCS have also emphasized the importance of ethical review in recent calls for papers. This change reflects a growing concern that cybersecurity research can unintentionally cause harm. Research th...| Help Net Security
The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem: In an earnest attempt to shift left, security teams deputized developers to own remediation. While development teams have legitimately become more security-focused, it’s created a dynamic in which security is still accountable for risk but h...| Help Net Security
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) warned on Friday. Their alert seems to be based on a report by SecurityBridge’s Threat Research Labs, who professedly verified that the exploit for the flaw is being used in the wild. About CVE-2025-42957: CVE-2025-42957 is a code injection vulnerability affecting SAP S/4HANA’s functi...| Help Net Security
ScamAgent study reveals how AI agents simulate scam calls, bypass safety guardrails, adapt across conversations, exploit text-to-speech.| Help Net Security
With smart investments, policies, and partnerships, Africa can beat its cybersecurity crisis and become a model of digital safety.| Help Net Security
Millions of Internet-of-Things (IoT) devices running the open-source version of Android are part of the Badbox 2.0 botnet.| Help Net Security
Todd Schell from Ivanti gives his overview of May 2025 and forecast for June 2025 Patch Tuesday. Are you ready to get patching?| Help Net Security
Start with IAM for AI-driven security decisions—augment first, then automate. Build trust before full autonomy in cybersecurity.| Help Net Security
With the adoption of large language models (LLMs) across industries, security teams often play catch-up. Many organizations are integrating GenAI into| Help Net Security
A ViewState code injection attack leveraging exposed ASP.NET machine keys could be easily replicated by other attackers.| Help Net Security
The changes in the ransomware landscape from 2023 to 2024 show a promising trend: ransomware payments have decreased by a third.| Help Net Security
A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers.| Help Net Security
With Apple’s push for shorter certificate lifespans, the digital landscape is shifting faster than many businesses are prepared for.| Help Net Security
Am I Isolated is an open-source container security benchmark that probes users' runtime environments and tests for container isolation.| Help Net Security
SwitchBot has just released a Find My wallet tracker that gives you all the features of an AirTag, in a slim, credit card-like device.| Stuff
Attackers gain access to AWS cloud storage containers by scanning for and leveraging exposed environment files (with cloud IAM keys inside).| Help Net Security