Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Sr. Technical Content Strategist The LimaCharlie SecOps Cloud Platform, now available on Google Cloud Marketplace, delivers the building blocks enterprise SOCs need to integrate, customize, and manage security operations their way: API-First Architecture- Integrate existing solutions, telemetry sources, and third-party resources to standardize your security stack and centralize control over operations. Modular and Scalable- Deploy only the capabilities you need.

Coralogix is excited to announce a major enhancement to our Unified Threat Intelligence (UTI) capabilities – now with expanded IOC matching beyond IPs. While our earlier focus was primarily on detecting malicious IP addresses, threats have evolved. Attackers now hide behind encrypted traffic, disposable domains, and polymorphic files. To stay ahead, we’ve normalized new critical fields – JA3, JA4, domain, URL, and file hash and integrated them into our UTI engine.

Last night, our automated Aikido Intel system alerted us that potentially malicious code was detected in some packages within the @nx scope, which include packages with as many as ~6 million weekly downloads. The scope and impact of this breach are significant, as the attacker chose to publish the stolen data directly on GitHub, rather than sending it to their own servers. This means that there’s a SIGNIFICANT amount of credentials that are publicly available on GitHub.

Cybercriminals frequently target Small and Medium-sized Businesses (SMBs) due to their limited security resources. As cyber attacks become more sophisticated, SMBs must proactively defend their critical systems and sensitive data by investing in the right cybersecurity tools. Some cybersecurity tools that every SMB should consider adding to their security stack include a password manager, a Privileged Access Management (PAM) solution, a secure remote access solution and a secrets manager.

On August 20, 2025, Salesloft published an advisory describing a security issue potentially affecting the Salesloft Drift integration with Salesforce. On August 26, Google Threat Intelligence Group (GTIG) provided additional details about the campaign, in which a threat actor known as UNC6395 authenticated against Salesforce customer instances using compromised OAuth tokens tied to the Salesloft Drift integration with Salesforce.

One can’t discuss the modern state of endpoint security without mentioning a term that has quickly become ubiquitous with security solutions: artificial intelligence (AI). With a constantly evolving threat landscape and many security challenges plaguing organizations (e.g sprawling attack surfaces, monitoring and continuity gaps, alert overload, and limited resources), it’s clear that endpoint security must evolve as well, and the most-promising advancement is AI.