Kirsten Doyle

A whistleblower says the government put every American’s Social Security record at risk. Charles Borges, Chief Data Officer at the Social Security Administration, filed the complaint. He describes a “live copy of the country’s Social Security information in a cloud environment that circumvents oversight.”  The file is the Numident database. It holds names, birth dates, citizenship, race, parents’ names and Social Security numbers, phone numbers, addresses. A full ledger of American identity. Borges warns what could follow. “Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food…

A major data theft campaign has hit corporate Salesforce instances. The actor, tracked as UNC6395, leveraged compromised OAuth tokens from the Salesloft Drift application to pull data. The attacks ran from August 8 through at least August 18.  Google Threat Intelligence Group (GTIG) says the campaign moved at scale. Data was exported by the bucketful. The goal was credentials: AWS access keys, passwords, Snowflake tokens. The intruder worked carefully, deleting query jobs to hide activity. Logs remain untouched. Organizations should assume exposure and review their records. Salesloft confirmed that customers without Salesforce integrations are unaffected. Google Cloud customers appear safe,…

Containers are supposed to isolate and keep things in their lane. But a new vulnerability proves that line is fragile. CVE-2025-9074 affects Docker Desktop on Windows and macOS. A malicious container can reach the Docker Engine, launch other containers, mount the host filesystem, and escalate privileges to admin. The score is 9.3. It is critical.  Docker says a container doesn’t even need the Docker socket mounted to pull this off. It can connect to Docker’s internal HTTP API, spin up a privileged container, and touch files it shouldn’t. Enhanced Container Isolation does nothing.  It gets worse on Windows. The attacker…

Bad actors are patient. They know trust takes time. With ZipLine, they have turned patience into a weapon. Check Point Research has uncovered a campaign aimed at U.S. manufacturers and supply-chain critical industries. The trick is simple, yet unusual. The attacker does not send the first email. Instead, they use the target’s own “Contact Us” form. The company responds, thinking it’s business as usual. That single reply begins a conversation that may last for weeks. The dialogue is businesslike. Meetings are discussed. Non-disclosure agreements are drafted. The threat actor sounds like a partner, not a criminal. Then comes the ZIP…

Farmers Insurance has confirmed a breach affecting more than 1.07 million customers nationwide. The intrusion traces to a third-party vendor and links to a broader wave of attacks targeting Salesforce environments. Google, Cisco, Adidas, Qantas, and Allianz have also fallen victim. The breach began on 29 May. Farmers’ notification explains: “One of Farmers’ third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor’s databases containing Farmers customer information.” The vendor’s monitoring tools detected the intrusion. The activity was contained. The attacker was blocked. Farmers moved quickly. “With the assistance of a third-party data-review expert,…

A Go package disguised as an SSH brute forcer has been caught stealing credentials and sending them straight to a Telegram bot controlled by a Russian-speaking threat actor. Socket’s Threat Research Team found the package, called golang-random-ip-ssh-bruteforce, still live on GitHub and the Go Module registry. It claims to be a “fast” SSH brute forcer. In reality, it hands over the first successful login to its author. IP, username, and password are exfiltrated to a hardcoded Telegram bot. The operator never sees their own win.  How It Works The code runs an endless loop. It generates random IPv4 addresses, checks…

The United Kingdom is sharpening its defence posture. Five technologies stand at the heart of this effort. While the industry’s heavyweights continue to supply capability, fresh value lies with early to mid-stage firms. These smaller players, often led by veterans and security professionals, move fast. They innovate, adapt, and bring new answers to complex military challenges. A new report from Heligan Group maps out the technologies driving UK, European, and NATO power projection. Matt Croker, Director of Corporate Finance at Heligan Group, frames the moment plainly: “The UK is well-positioned in a range of defence technologies with both investment as…

The web began quietly. A few servers, a handful of users, a few ideas. It promised knowledge at the speed of light. But as the connections multiplied, so did the shadows. Each innovation brings progress, but also vulnerability. Today, the internet is no longer a tool; it is a living, sprawling ecosystem. And its evolution has been anything but gentle. The Shifting Threat Landscape Ross Moore, Information Security Researcher, remembers the early simplicity of cyber threats: “It would be great if the most complex threat today were the Melissa or ILOVEYOU viruses spread through email attachments!” Those viruses were nuisances,…

Between June and August this year, CrowdStrike’s Falcon platform stopped a coordinated malware campaign aimed at more than 300 customer environments. The operation involved SHAMOS, a variant of the Atomic macOS Stealer (AMOS), built and rented out by the cybercriminal group COOKIE SPIDER. The scheme was simple. Malvertising lured users searching for macOS fixes to spoofed help sites.  There, victims were told to copy and paste a one-line command into Terminal. That single command bypassed Apple’s Gatekeeper checks and installed a Mach-O executable. It is a technique increasingly favored by eCrime groups. SHAMOS and its predecessor, Cuckoo Stealer, have both…

The dark web has its own job boards. Its own recruiters. Its own economy of skills.  There, posts read like the listings on LinkedIn or Indeed, only the roles are not for project managers or analysts. They are for AI specialists, cloud exploiters, and social engineers fluent in English. The recruits are not employees. They are accomplices.  ReliaQuest research showed how the market is booming. Job-related posts on cybercriminal forums such as Exploit and RAMP more than doubled between 2023 and 2024. By mid-2025, they had already equaled the previous year’s total. The growth signals a shift. Cybercrime is no…