Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens, via HTTP POST requests to a remote endpoint.

Salesloft Drift Supply Chain Attack Hits Palo Alto Networks and Zscaler

An important supply chain incident has rocked the security industry, showing that even some of the biggest security enterprises are exposed to the risk of third-party SaaS product integrations. The incident, involving Salesloft Drift, a marketing automation solution integrated with Salesforce, resulted in the threat actor obtaining OAuth tokens. These tokens allowed the threat actor to exfiltrate massive volumes of sensitive customer data, including account records, case information, and contact data.

Beyond the Drift Breach: Securing Non-Human Identities with Zero Standing Privileges

The Drift OAuth breach didn’t just expose one SaaS vendor — it exposed a systemic blind spot: the sprawling, ungoverned world of Non-Human Identities. In case you missed it, in August 2025, attackers from UNC6395 exploited compromised OAuth tokens from Salesloft’s Drift integration—an AI chat tool—to access and exfiltrate data from Salesforce, including credentials like AWS keys and Snowflake tokens.

The GhostAction Supply Chain Attack: Compromised GitHub Workflows And Stolen Secrets

GitGuardian has uncovered GhostAction, a massive supply chain attack targeting 327 GitHub users and 817 repositories. Attackers injected malicious workflows that exfiltrated over 3,325 secrets, including npm, PyPI, and DockerHub tokens. Watch as GitGuardian's Senior Cybersecurity Researcher, Guillaume Valadon, breaks down how this campaign unfolded, what was stolen, and what developers need to know to stay safe.

Cheaters never win: large-scale campaign targets gamers who cheat with StealC and cryptojacking

A sprawling cyber campaign is turning gamers’ hunger to gain an edge into a massive payday for threat actors who are leveraging over 250 malware samples to steal credentials and cryptocurrencies. The operation has already netted wallets containing more than US$135,000. In this blog post, we will delve into a specific infection instance, explore its mechanisms, and share indicators of compromise (IoCs).

Proactive Security: How ThreatX Protects Before an Attack Happens

Carlo Alpuerto from A10 Networks highlights the core strengths of the ThreatX platform. He explains how ThreatX consolidates protection against WAF, API, DDoS, and bot attacks within a single, unified system. The platform's ability to use all of this information cumulatively is a key differentiator, allowing it to generate a risk score for specific entities and proactively protect against attacks, even during the initial reconnaissance and probing phases.

Report: AI Can Now Automate Entire Attack Chains

Threat actors can now use AI tools to automate entire attack operations, according to a new report from Anthropic. The company says an attacker abused its Claude AI tool to create a hacking and extortion campaign that compromised at least seventeen organizations. The attacker used Claude to conduct reconnaissance, initial access, malware development, data exfiltration, and extortion analysis.

New Invisible Attack Creates Parallel Poisoned Web Only for AI Agents

AI agents are rapidly evolving from simple text generators into powerful autonomous assistants that can browse the web, book travel, and extract complex data on our behalf. This new “agentic” AI, which operates in a “sense-plan-act” loop, promises to revolutionize how we interact with the digital world.

Cato CTRL Threat Research: Threat Actors Abuse Simplified AI to Steal Microsoft 365 Credentials

AI marketing platforms have exploded in popularity, becoming everyday tools for creative teams in enterprises worldwide. Platforms like Simplified AI offer marketers the ability to generate content, clips, and campaigns at scale. For CISOs and IT leaders, approving such services often seems straightforward: allow access, whitelist the domain, and enable the marketing team to innovate.

Business logic: The silent future of cyberattacks

Future hacks won’t trigger alarms or leave traces. No security measures will be violated. The systems are functioning normally – but the loss is real. As automated defenses improve, attackers must target what machines can’t: the business processes. By exploiting flaws in workflow logic, hackers can steal data and funds in a way no one expected. Business logic vulnerabilities are now a serious cybersecurity blind spot, and a leading method for breaching even the most secure systems.