third-party applications – Experimental News Clipping Site

The Register: Third time’s the charm? SolarWinds (again) patches critical Web Help Desk RCE

Sep 23, 2025

—

by

Source URL: https://www.theregister.com/2025/09/23/solarwinds_patches_rce/ Source: The Register Title: Third time’s the charm? SolarWinds (again) patches critical Web Help Desk RCE Feedly Summary: Or maybe 3 strikes, you’re out? SolarWinds on Tuesday released a hotfix – again – for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could allow a remote, unauthenticated…

Unit 42: Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances

Sep 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/threat-brief-compromised-salesforce-instances/ Source: Unit 42 Title: Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances Feedly Summary: This Threat Brief discusses observations on a campaign leveraging Salesloft Drift integration to exfiltrate data via compromised OAuth credentials. The post Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances appeared first on Unit 42.…

The Register: Salesforce data missing? It might be due to Salesloft breach, Google says

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/27/salesforce_salesloft_breach/ Source: The Register Title: Salesforce data missing? It might be due to Salesloft breach, Google says Feedly Summary: Attackers steal OAuth tokens to access third-party sales platform, then CRM data in ‘widespread campaign’ Google says a recent spate of Salesforce-related breaches was caused by attackers stealing OAuth tokens from the third-party Salesloft…

Cloud Blog: Widespread Data Theft Targets Salesforce Instances via Salesloft Drift

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift/ Source: Cloud Blog Title: Widespread Data Theft Targets Salesforce Instances via Salesloft Drift Feedly Summary: Written by: Austin Larsen, Matt Lin, Tyler McLellan, Omar ElAhdan Introduction Google Threat Intelligence Group (GTIG) is issuing an advisory to alert organizations about a widespread data theft campaign, carried out by the actor tracked as UNC6395.…

The Register: Google yet to take down ‘screenshot-grabbing’ Chrome VPN extension

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/21/freevpn_privacy_research/ Source: The Register Title: Google yet to take down ‘screenshot-grabbing’ Chrome VPN extension Feedly Summary: Researcher claims extension didn’t start out by exfiltrating info… while dev says its actions are ‘compliant’ Security boffins at Koi Security have warned of a shift in behavior of a popular Chrome VPN extension, FreeVPN.One, which recently…

Krebs on Security: Microsoft Patch Tuesday, July 2025 Edition

Jul 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://krebsonsecurity.com/2025/07/microsoft-patch-tuesday-july-2025-edition/ Source: Krebs on Security Title: Microsoft Patch Tuesday, July 2025 Edition Feedly Summary: Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s…

Slashdot: Unless Users Take Action, Android Will Let Gemini Access Third-Party Apps

Jul 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://tech.slashdot.org/story/25/07/08/1255232/unless-users-take-action-android-will-let-gemini-access-third-party-apps?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Unless Users Take Action, Android Will Let Gemini Access Third-Party Apps Feedly Summary: AI Summary and Description: Yes Summary: Google’s modification to its Gemini AI engine allows it to interface with third-party applications, circumventing user privacy settings regarding app interactions. The adjustments raise concerns over data privacy, as user…

The Register: VMware must support crucial Dutch govt agency as it migrates off the platform, judge rules

Jun 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/06/30/dutch_agency_wins_right_to/ Source: The Register Title: VMware must support crucial Dutch govt agency as it migrates off the platform, judge rules Feedly Summary: Court says State arm cannot be left without maintenance, patches and upgrades because of Broadcom’s new licensing model Broadcom’s VMware subsidiary must provide a Dutch government organization with continued software support…

Slashdot: Microsoft 365 Brings the Shutters Down On Legacy Protocols

Jun 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/06/19/2046206/microsoft-365-brings-the-shutters-down-on-legacy-protocols?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Microsoft 365 Brings the Shutters Down On Legacy Protocols Feedly Summary: AI Summary and Description: Yes **Summary:** Microsoft 365 is set to enhance security by blocking legacy authentication protocols starting July 2025 as part of its “Secure by Default” initiative. This move aims to mitigate risks associated with vulnerable…

Cloud Blog: What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia

Jun 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia/ Source: Cloud Blog Title: What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia Feedly Summary: Written by: Gabby Roncone, Wesley Shields In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russia state-sponsored cyber threat actor impersonating the U.S. Department of State. From at least…

Tag: third-party applications