🚨 The Salesloft-Drift breach exposed Salesforce data across hundreds of orgs via compromised OAuth tokens. Vendors like Cloudflare, Palo Alto Networks, Zscaler, and others have confirmed related incidents.
🔍 To detect similar risks from other third-party integrations,…
OAuth Attacks in Salesforce
Palo Alto Networks and Zscaler have confirmed they were targeted in a campaign exploiting OAuth trust to siphon Salesforce data—via compromise of Salesloft Drift, a widely used third-party Salesforce app.
trust.salesloft.com/?uid=Drift%2FS…
🛡️ Defender Alert:…
🚨 Threat actors hijacked the trusted AI platform Simplified to launch a phishing campaign targeting Microsoft 365 credentials. By impersonating execs and hosting fake login pages on whitelisted domains, they evaded traditional defenses.
catonetworks.com/blog/cato-ctrl…
🧪 VT scan: 0/97…
🚨 Sliver Backdoor via SimpleHelp RMM
Threat actors are actively exploiting vulnerabilities in SimpleHelp RMM to deploy the Sliver backdoor, enabling lateral access into downstream customer environments. This campaign has been ongoing since January 2025 and shows no signs of…
🚨 Phishing alert: Over 115,000 emails exploited Google Classroom to target 13,500 orgs in just one week. Attackers used fake invites & WhatsApp lures to bypass filters via trusted infrastructure.
blog.checkpoint.com/email-security…
KQL Check:
EmailEvents
| where Timestamp > ago(30d)
|…
🐼 MURKY PANDA exploited trusted cloud relationships by breaching SaaS and cloud providers, then pivoting into downstream customer environments. In one case, they stole an Entra ID app registration secret, authenticated as a service principal, and accessed customer email systems.…
🚫 Microsoft Copilot Agent Access Policy Not Honoured
Since May 2025, a total of 107 Copilot Agents (Microsoft + External Publisher) have been made available in the Copilot Agent Inventory across all Microsoft 365 tenants.
Despite…
🔥Anonymous Blob Access Detection
This KQL query identifies potentially exposed Azure Blob Storage containers that have been accessed anonymously from known or suspected malicious IP addresses. It helps detect unauthorized access attempts that may indicate data leakage or…
Blob Threat Hunting Just Got Interesting
Just spotted the CloudStorageAggregatedEvents table in Microsoft Defender XDR’s advanced hunting schema! 🎯 This new addition provides visibility into storage activity and related events—perfect for digging into potential blob storage…
🚨 SpyVPN Alert
FreeVPN.One, a Chrome extension with 100K+ installs & a “Verified” badge, was caught secretly capturing screens & sending data to its servers.
koi.security/blog/spyvpn-th…
I built a KQL to track screenshot activity via MDE—great for spotting suspicious…
Microsoft Defender XDR will support Streaming API for DataSecurityEvents and DataSecurityBehaviors tables starting late August 2025, enabling real-time insider risk alert data delivery via event hubs. This feature is off by default and requires configuration to begin streaming…