Hackers accessed customer contact information and case data from Salesforce instances at Cloudflare, Palo Alto Networks, and Zscaler.
The post Security Firms Hit by Salesforce–Salesloft Drift Breach appeared first on SecurityWeek.
Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers
Tracked as CVE-2025-57819 (CVSS score of 10/10), the bug is described as an insufficient sanitization of user-supplied data.
The post Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers appeared first on SecurityWeek.
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
Part of a wave of DDoS attacks that lasted for weeks, the assault was a UDP flood mainly originating from Google Cloud.
The post Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack appeared first on SecurityWeek.
Varonis Acquires Email Security Firm SlashNext
The transaction is valued up to $150 million, including performance-based retention awards, a Varonis spokesperson told SecurityWeek.
The post Varonis Acquires Email Security Firm SlashNext appeared first on SecurityWeek.
Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users
The Midnight Blizzard cyberspies used compromised websites to trick users into authorizing devices they controlled.
The post Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users appeared first on SecurityWeek.
WhatsApp Zero-Day Exploited in Attacks Targeting Apple Users
The vulnerability (CVE-2025-55177) was exploited along an iOS/macOS zero-day in suspected spyware attacks.
The post WhatsApp Zero-Day Exploited in Attacks Targeting Apple Users appeared first on SecurityWeek.
In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks
Noteworthy stories that might have slipped under the radar: communications of dozens of Iranian ships disrupted, only apps from verified developers will run on Android devices, and AI used across multiple phases of malicious attacks.
The post In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks appeared first on SecurityWeek.
VerifTools Fake ID Operation Dismantled by Law Enforcement
Authorities say VerifTools sold fake driver’s licenses and passports worldwide, enabling fraudsters to bypass KYC checks and access online accounts.
The post VerifTools Fake ID Operation Dismantled by Law Enforcement appeared first on SecurityWeek.
Google Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft Campaign
Google says the same OAuth token compromise that enabled Salesforce data theft also let hackers access a small number of Workspace accounts via the Salesloft Drift integration.
The post Google Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft Campaign appeared first on SecurityWeek.
TransUnion Data Breach Impacts 4.4 Million
Credit reporting firm TransUnion (NYSE: TRU) is notifying more than 4.4 million people that their personal information was compromised in a data breach. The incident occurred on July 28, 2025, and was discovered two days later, the company revealed in a filing with the Maine Attorney General’s Office. According to TransUnion, the data breach involved […]
The post TransUnion Data Breach Impacts 4.4 Million appeared first on SecurityWeek.
