CrowdStrike disclosed that it terminated a 'suspicious insider' who shared internal system screenshots with a hacking group but stressed that its own systems were not breached and customer data remain…
Category: Industry News / Incident Response & DFIR
#crowdstrike #insider-threat #information-leakage #security-vendor #incident-response
Local law enforcement agencies in Cleveland County, Oklahoma and the city of Attleboro, Massachusetts are responding to cyber incidents that disrupted internal IT systems but did not halt emergency se…
Category: Incident Response / Public Sector Incidents
#ransomware #law-enforcement #local-government #incident-response #public-safety #municipal-it
A new Salesforce-connected app compromise involving Gainsight-published applications has triggered a significant supply-chain security concern across enterprises relying on Salesforce integrations. In…
Category: Incident Response / Supply Chain Compromise
#salesforce #gainsight #oauth #supply-chain #token-theft
The Akira ransomware group leveraged a deceptive fake CAPTCHA page to deliver initial access malware in a high-impact intrusion resulting in 42 days of undetected compromise. The attack chain started …
Category: Incident Response / Ransomware
#akira #ransomware #drive-by #dfir #fake-captcha
A Turkish luxury retail platform suffered a record-breaking application-layer DDoS attack peaking at 14.2 million requests per second during its fall and winter 2025 collection launch, an incident tha…
Category: Threat Alerts / Incident Response & DFIR
#ddos #luxury-retail #imperva #layer7-attack #availability-risk
Lynx ransomware operators executed a nine-day intrusion culminating in backup destruction and multi-server encryption, using valid credentials and Remote Desktop Protocol in a sequence closely aligned…
Category: Threat Alerts / Incident Response & DFIR
#lynx-ransomware #rdp-compromise #backup-destruction #dfir-case-study #t1133
The AIPAC data breach involves unauthorized access to files on systems operated for the American Israel Public Affairs Committee, affecting 810 individuals via a compromised third-party environment. A…
Category: Threat Alerts / Incident Response & DFIR
#aipac #data-breach #third-party-risk #pii-exposure #incident-response #dfir
DoorDash disclosed a breach after an employee fell victim to a social engineering attack, enabling unauthorized access to internal systems. Attackers obtained names, addresses, emails, and phone numbe…
Category: Threat Alerts / Incident Response & DFIR
#doordash #breach #social-engineering #data-exposure
Logitech confirmed a data breach following a cyberattack claimed by the Clop extortion gang, which exfiltrated approximately 1.8 TB of data via a third-party zero-day vulnerability believed to be Orac…
Category: Incident Response / Data Breach Incidents
#logitech #clop #oracle-ebs #cve-2025-61882 #data-breach #extortion-campaign