AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/21/2025

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

Salesforce reported “unusual activity” involving Gainsight-published OAuth applications, warning that attackers may have used those integrations to access some customers’ Salesforce data even though the core Salesforce platform was not directly compromised. All tokens for the affected apps were revoked and the apps were pulled from the AppExchange while the investigation continues. The incident underscores the risk posed by third-party SaaS integrations and the OAuth scopes they hold, and it offers concrete indicators around app IDs and integration behavior that can be folded into monitoring and access reviews.


Logitech Confirms Data Breach After Cl0p, Linked to Oracle E-Business Suite Exploits, Takes Responsibility

Logitech confirmed a data exfiltration incident that exposed information about employees, customers, and suppliers, with Cl0p claiming responsibility and tying the intrusion to exploitation of Oracle E-Business Suite. The disclosure points to a supply-side compromise path through a widely used enterprise platform rather than Logitech’s own perimeter. The case illustrates how ERP and other business systems can become high-value ingress points, and how third-party exploits can translate into brand-side breaches that require coordinated investigation and notification.


Chinese Hackers Exploiting WSUS Remote Code Execution Vulnerability to Deploy ShadowPad Malware

AhnLab researchers reported that Chinese threat actors are exploiting a critical WSUS remote code execution bug, tracked as CVE-2025-59287, to push the ShadowPad backdoor through compromised update infrastructure. By hijacking WSUS, attackers can deliver malicious payloads as if they were trusted patches to large fleets of Windows systems. The write-up provides vulnerability details, attack flow, and indicators that can be used to prioritize patching of WSUS servers and to refine monitoring of update channels, signed content, and configuration integrity.


Delhi Police launches 48-hour ‘CY-Hawk’ crackdown on cybercrime, raids city and other states

Delhi Police launched a 48-hour operation dubbed CY-Hawk targeting syndicates behind online fraud, including email scams, social media and app-based frauds, banking scams, and ransomware-related activity, with coordinated raids and multiple detentions. The campaign focuses on dismantling hotspots used to run large-scale cybercrime operations across several Indian states. Enforcement efforts of this kind can disrupt known fraud infrastructure and money mule networks, potentially changing the volume and origin of certain scam and BEC campaigns that organizations see in their telemetry.


WhatsApp Worm Spreads Banking Trojan Across Brazil, Targets Crypto Wallets

Trustwave researchers detailed a WhatsApp-based worm campaign using the Eternidade Stealer banking trojan to compromise Brazilian users and drain crypto wallets and online banking accounts. The malware spreads by hijacking victims’ WhatsApp accounts to auto-send malicious links, then quietly installs info-stealing payloads aimed at financial and wallet applications. The campaign combines social engineering, mobile messaging propagation, and credential theft, and the report offers mobile-focused IOCs and behavioral patterns useful for refining detection on endpoints, networks, and anti-fraud systems.
