Insights

01 Sep

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

Data Breaches, Information, Insights

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including…

Read More
28 Aug

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Information, Insights

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called “Gambler Panel” that bills itself as a “soulless project that is made for profit.” A machine-translated version of Gambler Panel’s affiliate website. The scam begins…

Read More
27 Aug

CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage Systems

Attacks, Insights, Malware

CISA, along with the National Security Agency, Federal Bureau of Investigation, and international partners, released a joint Cybersecurity Advisory on People’s Republic of China (PRC) state-sponsored Advanced Persistent Threat (APT) actors targeting critical infrastructure across sectors and continents to maintain persistent, long-term access to networks. This advisory builds on previous reporting and is based on real-world investigations conducted across multiple countries through July 2025. While the activity observed overlaps with industry reporting on the group known as Salt Typhoon,…

Read More
26 Aug

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

Information, Insights

The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor’s high-speed Internet connection in the United States. This post examines the history and provenance of DSLRoot, one of the oldest “residential proxy” networks with origins in Russia and…

Read More
22 Aug

CISA Requests Public Comment for Updated Guidance on Software Bill of Materials

Attacks, Insights, Malware

CISA released updated guidance for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment—comment period begins today and concludes on October 3, 2025. These updates build on the 2021 version of the National Telecommunications and Information Administration SBOM Minimum Elements to reflect advancements in tooling and implementation.   An SBOM serves as a vital inventory of software components, enabling organizations to identify vulnerabilities, manage dependencies, and mitigate risks. The update refines data…

Read More
20 Aug

SIM-Swapper, Scattered Spider Hacker Gets 10 Years

Information, Insights

A 20-year-old Florida man at the center of a prolific cybercrime group known as “Scattered Spider” was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy. Florida prosecutors alleged Urban conspired with others to steal at least $800,000 from five victims via SIM-swapping attacks that diverted…

Read More
19 Aug

Oregon Man Charged in ‘Rapper Bot’ DDoS Service

Information, Insights

A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online extortionists, and tried to stay off the radar of law enforcement by ensuring that their botnet was never pointed at…

Read More
15 Aug

Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

Information, Insights

Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks. Image: Shutterstock, WhataWin. This so-called ‘ramp and dump‘ scheme borrows…

Read More
14 Aug

CISA Releases Thirty-Two Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released thirty-two Industrial Control Systems (ICS) advisories on August 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-226-01 Siemens SIMATIC RTLS Locating Manager ICSA-25-226-02 Siemens COMOS ICSA-25-226-03 Siemens Engineering Platforms ICSA-25-226-04 Siemens Simcenter Femap ICSA-25-226-05 Siemens Wibu CodeMeter Runtime ICSA-25-226-06 Siemens Opcenter Quality ICSA-25-226-07 Siemens Third-Party Components in SINEC OS ICSA-25-226-08 Siemens RUGGEDCOM CROSSBOW Station Access Controller ICSA-25-226-09 Siemens RUGGEDCOM APE1808 ICSA-25-226-10 Siemens SIPROTEC 5 ICSA-25-226-11 Siemens SIMATIC S7-PLCSIM ICSA-25-226-12 Siemens SIPROTEC 4 and SIPROTEC 4 Compact ICSA-25-226-13 Siemens…

Read More
13 Aug

CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators

Attacks, Insights, Malware

CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology (OT) owners and operators across all critical infrastructure sectors create and maintain OT asset inventories and supplemental taxonomies.  An asset inventory is a regularly updated, structured list of an organization’s systems, hardware, and software. It includes a categorization system—a taxonomy—that classifies assets based on their importance and function. This…

Read More