Gmail Users at Phishing Risk After Salesforce Data Theft; Cloudflare Blocks Record DDoS Attack via Google Cloud

Key Takeaways

  • Salesforce breach exposed data, putting 2.5B Gmail users at risk of phishing; Google urges enhanced protections.
  • Cloudflare blocked record 11.5 Tbps DDoS attack from compromised Google Cloud accounts.
  • Azure AD misconfiguration leaks app credentials, risking Microsoft 365 tenant compromise; immediate action urged.
  • Infostealer malware dominates cyber threats, targeting credentials, cookies, and session data; defense strategies needed.
  • Malicious npm package impersonates Nodemailer, drains crypto wallets via Electron tampering.

Top Stories

Google denies major Gmail breach; 2.5B users at phishing risk after Salesforce data theft

In August 2025, Google refuted claims of a broad Gmail security breach but confirmed that a June Salesforce breach exposed data, putting over 2.5 billion Gmail users at risk of phishing. Google urged enhanced protections like passkeys and 2FA amid rising phishing attacks linked to the incident.

Cloudflare blocks largest-ever 11.5 Tbps DDoS attack leveraging Google Cloud

In mid-2025, Cloudflare mitigated a record 11.5 Tbps UDP flood DDoS attack originating largely from compromised Google Cloud accounts. This hyper-volumetric attack lasted 35 seconds, highlighting escalating cloud-based cyber threats.

Azure AD misconfiguration leaks app credentials, risking Microsoft 365 tenant compromise

Researchers disclosed a critical vulnerability exposing Azure AD appsettings.json credentials, enabling attackers to impersonate apps and access Microsoft 365 resources, and urged immediate secrets management improvements.

Infostealer malware dominates cyber threats, targeting credentials and session data

Infostealer malware continues to threaten enterprises and users by harvesting credentials, cookies, and tokens, necessitating dual-focused defense strategies.

Malicious npm package impersonates Nodemailer, drains crypto wallets via Electron tampering

In late August 2025, a malicious npm package named nodejs-smtp was found injecting code into desktop crypto wallets, redirecting transactions to attacker-controlled addresses.

InfoSec Insights

Commercial spyware vendors industrialize surveillance, threatening civil society globally

A September 2025 report details how commercial spyware firms evolved into billion-dollar entities deploying zero-click exploits against activists and journalists, urging stronger international regulation.

AI integration reshapes cybersecurity with rising adoption and emerging risks

September 2025 reports reveal 73% of organizations use AI in cybersecurity, facing challenges like data privacy and skill shortages, while AI-driven attacks increase complexity and scale.

Blackpoint Cyber and NinjaOne partner to improve MSP cybersecurity via MDR and endpoint management

In 2025, Blackpoint Cyber and NinjaOne formed a partnership to deliver rapid threat detection and consistent security for MSPs, addressing rising SMB cyberattack impacts.

Security Breaches

SSA whistleblower ousted after exposing sensitive data uploaded to insecure AWS cloud

On September 1, 2025, SSA Chief Data Officer Charles Borges was removed after blowing the whistle on the improper upload of sensitive Social Security data to an insecure Amazon Web Services server, risking identity theft.

Ransomware attack disrupts Pennsylvania Attorney General’s office for two weeks

Since August 11, 2025, the Pennsylvania AG’s office has faced a ransomware attack causing service outages; no ransom was paid and investigations continue with unknown perpetrators.

Tech Updates

MobSF patches critical path traversal and arbitrary file write vulnerabilities in version 4.4.1

In September 2025, MobSF fixed two vulnerabilities (CVE-2025-58161, CVE-2025-58162) allowing authenticated attackers to execute malicious files via improper path validation; users are urged to upgrade immediately.

Android patches high-severity remote code execution flaws actively exploited in the wild

On September 5, 2025, Google released patches for critical Android vulnerabilities (CVE-2025-38352, CVE-2025-48543) enabling remote code execution, urging users to update immediately.

ESPHome ESP-IDF flaw lets attackers bypass authentication and flash malicious firmware

Reported September 2, 2025, CVE-2025-57808 allows local network attackers to bypass ESPHome authentication, risking unauthorized device control and firmware updates; patch 2025.8.1 fixes it.

GitGuardian Lambda extension intercepts and redacts sensitive data in AWS serverless responses

GitGuardian’s AWS Lambda extension scans function responses for secrets, redacting sensitive data before forwarding, enhancing serverless security without code changes.

Critical RCE in Microsoft IIS Web Deploy toolchain exploited via unsafe deserialization

On September 3, 2025, a public proof-of-concept revealed CVE-2025-53772, enabling authenticated attackers to execute arbitrary code on IIS Web Deploy servers via unsafe deserialization.

Critical SQL injection flaws in itsourcecode Apartment Management System 1.0 disclosed

On September 1, 2025, two high-severity SQL injection vulnerabilities (CVE-2025-9792, CVE-2025-9793) were reported in itsourcecode Apartment Management System 1.0, enabling remote database compromise.

Tenable updates Nessus plugins detecting numerous unpatched critical Linux/Unix vulnerabilities

In early September 2025, Tenable released multiple Nessus plugins identifying unpatched critical and high-severity vulnerabilities across Linux/Unix systems, with no vendor patches available, highlighting ongoing risks.

Varonis acquires SlashNext to boost AI-driven phishing and social engineering detection

On September 2, 2025, Varonis acquired SlashNext, integrating AI-native email security to enhance multi-channel phishing detection and improve data-centric threat response.

Threat Landscape

WhatsApp screen mirroring scam steals accounts via Trojan installation

On September 2, 2025, a WhatsApp scam using screen mirroring fraud was reported, where attackers trick victims into sharing screens to install Trojans and hijack accounts. Users are advised to verify contacts, avoid sharing screens, and enable two-step verification.

Millions infected by malicious browser extensions exploiting Chrome, Edge, and Firefox

In 2025, investigations revealed millions of users infected by malicious browser extensions disguised as AI, VPN, and crypto tools across Chrome, Edge, and Firefox. Users are urged to remove untrusted extensions and verify sources.

Malvertising scams impersonate hospitality service providers to steal cloud credentials

Starting mid-2025, attackers used malicious search ads to lure hospitality professionals to fake login portals, harvesting credentials for cloud property management and messaging platforms.

New Inf0s3c infostealer steals credentials, cookies, and screenshots, exfiltrating via Discord

Discovered in September 2025, Inf0s3c malware harvests extensive user data including passwords and webcam images, exfiltrating via Discord, highlighting evolving automated infostealer threats.

Sophisticated macOS malware subverts native protections to steal credentials and escalate privileges

Reported September 1, 2025, attackers exploit the macOS Keychain and TCC framework and disable SIP to bypass security, steal credentials, and gain elevated privileges.
