Latest Warnings – PossibleThreat Articles

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

September 1, 2025 0 Comments A Little Sunshine, alan liska, austin larsen, charles carmakal, counter-hack, Data Breaches, Google, google threat intelligence group, joshua wright, Latest Warnings, mandiant, Salesforce, salesloft drift, scattered spider, shinyhunters, The Coming Storm, unc6040, unc6395

Credit to Author: BrianKrebs| Date: Mon, 01 Sep 2025 21:55:04 +0000

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.

Independent Krebs

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

August 28, 2025 0 Comments A Little Sunshine, gambler panel, Instagram, Latest Warnings, scam gambling, scambling, silent push, The Coming Storm, thereallo, TikTok, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 28 Aug 2025 17:21:32 +0000

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called “Gambler Panel” that bills itself as a “soulless project that is made for profit.”

Independent Krebs

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

August 26, 2025 0 Comments A Little Sunshine, aliaksandr holas, andrei holas, blackhatworld, Breadcrumbs, constella intelligence, domaintools.com, dslroot, globalsolutions, incorptoday, incorptoday@gmail.com, intel 471, internet of things (iot), Latest Warnings, lloyd davies, prepaidsolutions@yahoo.com, reddit, reveng.ai, ryzhik777@gmail.com, sacapoopie, usproxyking, webhostingtalk

Credit to Author: BrianKrebs| Date: Tue, 26 Aug 2025 14:05:12 +0000

The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor’s high-speed Internet connection in the United States. This post examines the history and provenance of DSLRoot, one of the oldest “residential proxy” networks with origins in Russia and Eastern Europe.

Independent Krebs

Microsoft Patch Tuesday, August 2025 Edition

August 12, 2025 0 Comments Akamai, badsuccessor, ben mccarthy, cve-2025-50165, cve-2025-53733, cve-2025-53766, cve-2025-53778, cve-2025-53779, exchange online, exchange server 2016, exchange server 2019, exchange server subscription edition, immersive, Latest Warnings, microsoft exchange server, microsoft office 365, Microsoft Word, sans internet storm center, The Coming Storm, Time to Patch, windows gdi+, yuval gordon

Credit to Author: BrianKrebs| Date: Tue, 12 Aug 2025 22:14:41 +0000

Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.

Independent Krebs

Scammers Unleash Flood of Slick Online Gaming Sites

July 30, 2025 0 Comments A Little Sunshine, b-ball blitz, beast games, discord, Latest Warnings, mr. beast, scambling, silent push, thereallo, Web Fraud 2.0, zach edwards

Credit to Author: BrianKrebs| Date: Wed, 30 Jul 2025 18:46:34 +0000

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.

Independent Krebs

Microsoft Fix Targets Attacks on SharePoint Zero-Day

July 25, 2025 0 Comments cisa, cve-2025-49704, cve-2025-49706, cve-2025-53770, cve-2025-53771, cybersecurity & infrastructure security agency, eye security, Latest Warnings, microsoft corp., rapid7, sharepoint server, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Mon, 21 Jul 2025 14:45:46 +0000

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.

Independent Krebs

Microsoft Patch Tuesday, July 2025 Edition

July 25, 2025 0 Comments action1, adam barnett, Adobe, ben hopkins, cve-2025-47178, cve-2025-47981, cve-2025-49695, cve-2025-49696, cve-2025-49697, cve-2025-49702, cve-2025-49719, cve-2025-49740, Latest Warnings, microsoft configuration manager, microsoft defender smartscreen, microsoft patch tuesday july 2025 edition, mike walters, office, rapid7, security tools, sql server 2012, sql server 2016, Time to Patch

Credit to Author: BrianKrebs| Date: Wed, 09 Jul 2025 00:53:33 +0000

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.

Independent Krebs

Big Tech’s Mixed Response to U.S. Treasury Sanctions

July 25, 2025 0 Comments @nicelizhi, A Little Sunshine, facebook, funnull technology inc., github, gmail, hotmail, Latest Warnings, LinkedIn, liu "steve" lizhi, mark rasch, Ne'er-Do-Well News, nexamerchant, nice lizhi, Paypal, twitter, unit 221b, Web Fraud 2.0, xxl4, youtube, zach edwards

Credit to Author: BrianKrebs| Date: Thu, 03 Jul 2025 16:06:05 +0000

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.

Independent Krebs

Senator Chides FBI for Weak Advice on Mobile Security

July 25, 2025 0 Comments A Little Sunshine, Apple, bill marczak, citizen lab, cve-2025-43200, emerita melissa hortman, federal bureau of investigation, Google, international computer science institute, john hoffman, kash patel, Latest Warnings, lockdown mode, lorenzo francheschi-bicchierai, nicholas weaver, security tools, sen. ron wyden, susie wiles, The Coming Storm, the wall street journal, Time to Patch

Credit to Author: BrianKrebs| Date: Mon, 30 Jun 2025 17:33:59 +0000

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate’s most tech-savvy lawmakers says the feds aren’t doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.

Independent Krebs Security

Trump 2.0 Brings Cuts to Cyber, Consumer Protections

February 28, 2025 0 Comments A Little Sunshine, bruce schneier, bybit, christopher stanley, Coinbase, conservative political action conference, consumer financial protection bureau, cybersecurity and infrastructure security agency, davi ottenheimer, department of government efficiency, department of homeland security, Department of Justice, edward coristine, gavin kliger, global investigative journalism network, hunter labs, internal revenue service, jacob silverman, jacob williams, katie arrington, kleptocapture task force, kleptocracy asset recovery initiative, Latest Warnings, leland dudek, lizardstresser, michelle king, natalya martynova, national institute of standards and technology, national treasury employees union, office of management and budget, office of personnel management, organized crime and corruption reporting project, president donald trump, project 2025, rep. andy ogles, russia's war on ukraine, sean cairncross, social security administration, starlink, The Coming Storm, treasury department, u.s. agency for international development, u.s. foreign corrupt practices act, U.S. Securities and Exchange Commission, valery martynov, vladimir putin, volodymyr zelensky

Credit to Author: BrianKrebs| Date: Sun, 23 Feb 2025 23:02:14 +0000

One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest man to wrest control over their networks and data.

← Previous