How Hackers Make Salesforce More Secure in the Agentic AI Era

Blog

Byadmblake February 26, 2025

Post Content

Blog

BRICKSTORM Espionage Campaign

What is the Attack? BRICKSTORM is a stealthy, Go-based backdoor deployed by the China-nexus actor UNC5221, enabling long-term persistence and espionage via compromised network appliances in US organizations. Since March 2025, GTIG (Google Threat Intelligence Group) and Mandiant have tracked BRICKSTORM activity impacting legal services, SaaS, BPO, and technology firms. The campaign suggests objectives beyond…

Read More BRICKSTORM Espionage Campaign
Blog

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. “Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads,” ReliaQuest said in a report

Read More Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Blog

Apache Tomcat RCE

What is the Vulnerability?On March 10, 2025, Apache issued a security advisory regarding a critical vulnerability (CVE-2025-24813) affecting the Apache Tomcat web server. This flaw could allow attackers to view or inject arbitrary content into security-sensitive files and potentially achieve remote code execution.Exploit code for this vulnerability is publicly available, and no authentication is required…

Read More Apache Tomcat RCE
Blog

Glasswing Secured the Code. The Rest of Your Stack Is Still on You

Forgotten integrations, shadow IT, SaaS, and now shadow AI and agents are everywhere, and attackers don’t need sophisticated AI models to take advantage.

Read More Glasswing Secured the Code. The Rest of Your Stack Is Still on You
Blog

Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware

The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances. The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to…

Read More Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware
Blog

Sora 2 Makes Videos So Believable, Reality Checks Are Required

Threat actors will continue to abuse deepfake technology to conduct fraudulent activity, so organizations need to implement strong security protocols – even if it adds to user friction.

Read More Sora 2 Makes Videos So Believable, Reality Checks Are Required

Related