Recent developments: Multiple businesses hit by Salesloft Drift data leak, Sitecore experiencing zero-day security flaw
In the ever-evolving landscape of cybersecurity, several significant developments have emerged in the recent month. Here's a roundup of the key events and findings that have caught the attention of security professionals.
Online shopping data, while convenient, poses risks, and it's crucial to consider the security implications of leaving personal data behind. As we navigate our digital lives, the importance of safeguarding our data has never been more crucial.
In the realm of cybersecurity roles, a diverse selection of opportunities spanning various skill levels within the field is currently available. Whether you're a seasoned professional or just starting out, there's a role to suit every skillset.
A macOS vulnerability, CVE-2025-24204, has been discovered, allowing attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. This underscores the importance of keeping systems updated and secure.
Identity has become a core pillar of cybersecurity strategy, with more than 80 percent of large U.S. companies targeted by socially engineered fraud in the past year. Platforms like LinkedIn are implementing new verification rules to confirm people and companies' identities and cut down on fake accounts and scams.
The CVE matrix is forecasted to be a significant focus during September 2025 Patch Tuesday. Meanwhile, a critical vulnerability in SAP S/4HANA enterprise resource planning software is being exploited by attackers, highlighting the need for vigilance in enterprise security.
External Attack Surface Management (EASM) tools are proving invaluable for security professionals, helping them find vulnerabilities in the modern security stack. Solutions like CyberFlex, which combines Pen-testing-as-a-Service (PTaaS) and EASM, are making a difference.
A new threat group, GhostRedirector, has been identified by ESET Research, while a new research project, NetMoniAI, shows how AI agents might reshape network monitoring and security.
The new machine learning framework, KillChainGraph, developed by researchers from Frondeur Labs, DistributedApps.ai, and OWASP, is designed to help defenders anticipate attacker behavior across the stages of the Cyber Kill Chain. By forecasting adversary techniques and generating structured attack paths, it serves as a context engine and hypothesis generator to support threat hunters and enrich alert prioritization in security operations.
A new report from Google Cloud's Office of the CISO lays out three areas where board oversight is becoming especially important, while a new study offers evidence on which measures are most closely linked to lower breach risk.
Unfortunately, high-profile breaches continue to make headlines. Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud have confirmed their Salesforce instances were accessed due to a breach at Salesloft. Cloudflare has also confirmed a data breach linked to the Salesloot Drift supply chain compromise.
Breaches tied to file access are happening often, and the costs add up quickly. Organizations are being urged to embed security and privacy into the software development lifecycle (SDLC) from the very start, while practical strategies for CISOs navigating tighter budgets are being shared.
Lastly, AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users' view, underscoring the need for ongoing vigilance in the face of evolving cyber threats.
Stay safe and secure in the digital world!
Read also:
- Building Solar Power Systems for New Residential Properties: Harnessing Tomorrow's Energy from the Earth's Core
- Eco-friendly warmth now being circulated in Zöschingen
- McKinsty boosts its vehicle lineup with one hundred Chevrolet Silverado EV work pickup trucks [video]
- Interview with Management: Attracting Attendees, Boosting Income
