Google Threat Intelligence Group Archives

Intellexa remotely accessed Predator spyware customer systems, investigation finds

It was one of a trio of reports about the spyware vendor over the course of a day, with additional evidence about further infections among the findings.

1 day ago By Tim Starks

Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware

The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. And that’s just what’s been uncovered in…

1 day ago By Matt Kapko

Light reflects off glass panels on Salesforce Tower through the fog in San Francisco on July 31, 2018. (Carlos Avila Gonzalez/The San Francisco Chronicle via Getty Images)

Gainsight CEO downplays impact of attack that spread to Salesforce environments

Details about the attack are scattered, and discrepancies remain about the number of companies impacted and the extent to which they are compromised.

Nov 25, 2025 By Matt Kapko

Salesforce Tower in San Francisco on June 28, 2019. (Jessica Christian/San Francisco Chronicle via Getty Images)

Hundreds of Salesforce customers hit by yet another third-party vendor breach

The widespread compromise is strikingly similar to a previous attack that originated at Salesloft Drift.

Nov 20, 2025 By Matt Kapko

A figure walking with a glowing trail of binary code emanating from a case, symbolizing stolen data. (Getty Images Plus)

Hitachi subsidiary GlobalLogic impacted by Clop’s attack spree on Oracle customers

The digital engineering services firm said human resources data on nearly 10,500 current and former employees was exposed.

Nov 11, 2025 By Matt Kapko

In this picture taken near the truce village of Panmunjom inside the demilitarized zone (DMZ) separating the two Koreas, a bird flies near a North Korean flag fluttering in the wind at the propaganda village of Gijungdong in North Korea on October 4, 2022. (Photo by ANTHONY WALLACE/AFP via Getty Images)

North Korean operatives spotted using evasive techniques to steal data and cryptocurrency

Research from Cisco Talos and Google Threat Intelligence Group underscores the extent to which North Korea-aligned attackers attempt to avoid detection.

Oct 16, 2025 By Matt Kapko

Dozens of Oracle customers impacted by Clop data theft for extortion campaign

Researchers said malicious activity dates back to early July and active exploitation was observed two months ago.

Oct 9, 2025 By Matt Kapko

Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks

Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.

Oct 6, 2025 By Matt Kapko

Here is the email Clop attackers sent to Oracle customers

The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.

Oct 2, 2025 By Matt Kapko

Oracle customers being bombarded with emails claiming widespread data theft

Researchers tell CyberScoop that notorious ransomware group Clop may be behind the email barrage.

Oct 1, 2025 By Matt Kapko