The Coming Storm – PossibleThreat Articles

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

September 1, 2025 0 Comments A Little Sunshine, alan liska, austin larsen, charles carmakal, counter-hack, Data Breaches, Google, google threat intelligence group, joshua wright, Latest Warnings, mandiant, Salesforce, salesloft drift, scattered spider, shinyhunters, The Coming Storm, unc6040, unc6395

Credit to Author: BrianKrebs| Date: Mon, 01 Sep 2025 21:55:04 +0000

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.

Independent Krebs

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

August 28, 2025 0 Comments A Little Sunshine, gambler panel, Instagram, Latest Warnings, scam gambling, scambling, silent push, The Coming Storm, thereallo, TikTok, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 28 Aug 2025 17:21:32 +0000

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called “Gambler Panel” that bills itself as a “soulless project that is made for profit.”

Independent Krebs

Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

August 15, 2025 0 Comments @chenlun, A Little Sunshine, csis security group, FBI, financial industry regulatory authority, finra, ford merrill, Ne'er-Do-Well News, outsider, pump and dump, ramp and dump, schwab, secalliance, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 15 Aug 2025 18:27:05 +0000

Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks.

Independent Krebs

Microsoft Patch Tuesday, August 2025 Edition

August 12, 2025 0 Comments Akamai, badsuccessor, ben mccarthy, cve-2025-50165, cve-2025-53733, cve-2025-53766, cve-2025-53778, cve-2025-53779, exchange online, exchange server 2016, exchange server 2019, exchange server subscription edition, immersive, Latest Warnings, microsoft exchange server, microsoft office 365, Microsoft Word, sans internet storm center, The Coming Storm, Time to Patch, windows gdi+, yuval gordon

Credit to Author: BrianKrebs| Date: Tue, 12 Aug 2025 22:14:41 +0000

Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.

Independent Krebs

Who Got Arrested in the Raid on the XSS Crime Forum?

August 6, 2025 0 Comments 9588693, anton gannadievich medvedovskiy, anton viktorovich avdeev, Breadcrumbs, constella intelligence, conti, damagelab, domaintools.com, europol, exploit.in, flycracker, hack-all, intel 471, lockbit, lockbitsupp, n0klos, Ne'er-Do-Well News, paranoidlab.com, qiliin, Ransomware, revil, sbu, sergeii vovnenko, sonic, The Coming Storm, toha, toschka2003@yandex.ru, xss[.]is

Credit to Author: BrianKrebs| Date: Wed, 06 Aug 2025 12:12:37 +0000

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle “Toha.” Here’s a deep dive on what’s knowable about Toha, and a short stab at who got nabbed.

Independent Krebs

Microsoft Fix Targets Attacks on SharePoint Zero-Day

July 25, 2025 0 Comments cisa, cve-2025-49704, cve-2025-49706, cve-2025-53770, cve-2025-53771, cybersecurity & infrastructure security agency, eye security, Latest Warnings, microsoft corp., rapid7, sharepoint server, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Mon, 21 Jul 2025 14:45:46 +0000

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.

Independent Krebs

DOGE Denizen Marko Elez Leaked API Key for xAI

July 25, 2025 0 Comments A Little Sunshine, business insider, Data Breaches, doge, gitguardian, github, grok, marko elez, philippe caturegli, president trump, seralys, techcrunch, The Coming Storm, the new york times, the wall street journal, the washington post, twitter, vice president j.d. vance, x, xai

Credit to Author: BrianKrebs| Date: Tue, 15 Jul 2025 01:23:43 +0000

Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk’s artificial intelligence company xAI.

Independent Krebs

Senator Chides FBI for Weak Advice on Mobile Security

July 25, 2025 0 Comments A Little Sunshine, Apple, bill marczak, citizen lab, cve-2025-43200, emerita melissa hortman, federal bureau of investigation, Google, international computer science institute, john hoffman, kash patel, Latest Warnings, lockdown mode, lorenzo francheschi-bicchierai, nicholas weaver, security tools, sen. ron wyden, susie wiles, The Coming Storm, the wall street journal, Time to Patch

Credit to Author: BrianKrebs| Date: Mon, 30 Jun 2025 17:33:59 +0000

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate’s most tech-savvy lawmakers says the feds aren’t doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.

Independent Krebs Security

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

February 28, 2025 0 Comments A Little Sunshine, alfa bank, bearhost, gootloader, interisle consulting group, intrinsec, kaspersky lab, kentik, Ne'er-Do-Well News, prospero ooo, Ransomware, securehost, silent push, SocGholish, spamhaus, The Coming Storm, zach edwards

Credit to Author: BrianKrebs| Date: Fri, 28 Feb 2025 20:14:58 +0000

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.

Independent Krebs Security

Trump 2.0 Brings Cuts to Cyber, Consumer Protections

February 28, 2025 0 Comments A Little Sunshine, bruce schneier, bybit, christopher stanley, Coinbase, conservative political action conference, consumer financial protection bureau, cybersecurity and infrastructure security agency, davi ottenheimer, department of government efficiency, department of homeland security, Department of Justice, edward coristine, gavin kliger, global investigative journalism network, hunter labs, internal revenue service, jacob silverman, jacob williams, katie arrington, kleptocapture task force, kleptocracy asset recovery initiative, Latest Warnings, leland dudek, lizardstresser, michelle king, natalya martynova, national institute of standards and technology, national treasury employees union, office of management and budget, office of personnel management, organized crime and corruption reporting project, president donald trump, project 2025, rep. andy ogles, russia's war on ukraine, sean cairncross, social security administration, starlink, The Coming Storm, treasury department, u.s. agency for international development, u.s. foreign corrupt practices act, U.S. Securities and Exchange Commission, valery martynov, vladimir putin, volodymyr zelensky

Credit to Author: BrianKrebs| Date: Sun, 23 Feb 2025 23:02:14 +0000

One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest man to wrest control over their networks and data.

← Previous