Cisco Systems, Inc. logo and lettering can be seen on the Cisco Systems GmbH headquarters building in Garching near Munich (Bavaria). Cisco is a US company from the telecommunications industry and is primarily known for its routers and switches. (Photo by Matthias Balk/picture alliance via Getty Images)
Mandiant detailed the incident in a blog post Wednesday, but it’s unclear who was behind it or if they managed to get broad visibility into the victim’s…
The company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk.
The attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions.
Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10,000 downstream victims.
Google’s research report on ransomware activity last year underscores how cybercrime is evolving and clouding a collective understanding of its full impact and scale.
Light reflects off glass panels on Salesforce Tower through the fog in San Francisco on July 31, 2018. (Carlos Avila Gonzalez/The San Francisco Chronicle via Getty Images)
Researchers said the threat group behind the campaign is associated with ShinyHunters, an outfit that’s previously stolen data from Salesforce instances for extortion attempts.
Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt.
Cybercrime groups, including one that identifies as ShinyHunters, are targeting single sign-on services to gain access to victim networks and steal data.