Chinese Espionage Targets Network Devices
What happened: U.S. agencies warn of widespread Chinese hacking aimed at network equipment worldwide.
What to do: Check and update your network device security settings and firmware regularly.Salesloft OAuth Breach Hits All Integrations
What happened: A breach affecting Salesloft’s OAuth system impacts all connected apps, not just Salesforce.
What to do: Review and revoke any unnecessary app permissions linked to Salesloft integrations.TransUnion Data Breach Exposes Millions
What happened: Over 4.4 million people’s personal data was stolen in a breach at TransUnion.
What to do: Monitor your credit reports and consider placing fraud alerts or freezes if concerned.Salt Typhoon APT Exploits Multiple Vendor Flaws
What happened: A China-linked hacking group exploited vulnerabilities in Cisco, Ivanti, and Palo Alto products to attack hundreds of organizations.
What to do: Apply security patches immediately for these vendors and review network logs for suspicious activity.Citrix Urgently Patches NetScaler Zero-Day
What happened: A critical zero-day vulnerability in Citrix NetScaler was actively exploited, prompting emergency patches.
What to do: Update Citrix NetScaler software without delay to block attacks.Windows Registry Vulnerabilities Under Attack
What happened: Researchers revealed new ways attackers exploit Windows Registry memory corruption bugs.
What to do: Keep Windows systems fully patched and limit registry access to trusted users only.iMessage Exploit Analyzed in Depth
What happened: Security experts dissected a sophisticated iMessage exploit used by NSO Group’s BLASTPASS spyware.
What to do: Update your Apple devices promptly and be cautious with unexpected messages.CoreAudio Fuzzing Reveals Sound System Bugs
What happened: Researchers found vulnerabilities in Apple’s CoreAudio system using advanced testing techniques.
What to do: Install the latest Apple updates to protect against potential audio-related attacks.
If You Only Do 3 Things Today
| Action (1 minute each) | Why it matters |
|---|---|
| Update all network devices and software | Prevent attackers from exploiting known flaws |
| Review and limit app permissions on integrations | Reduce risk from compromised third-party apps |
| Monitor credit and personal accounts | Detect and respond quickly to identity theft |
For Teams (super quick)
- Prioritize patching Citrix NetScaler and Cisco, Ivanti, Palo Alto products immediately.
- Audit OAuth and API integrations for unnecessary or risky permissions.
- Monitor network traffic for signs of Salt Typhoon or other APT activity.
- Enforce strict access controls on Windows Registry and sensitive system components.
- Communicate with users about the importance of updating Apple devices and avoiding suspicious messages.
Photo by Thibault Penin on Unsplash