Hackers posing as IT support are targeting employees at large companies to sneak into their Salesforce systems and steal data. They start with a phone call, pretending to help with a routine issue. The real goal? To get the employee to connect to a fake version of Salesforce’s Data Loader tool. Once that happens, the attackers can quietly grab sensitive company data.
Google’s Threat Intelligence Group has been tracking the group behind this, known as UNC6040. Their method depends on trust—posing as helpful support staff and guiding employees through what feels like a normal setup process. Because the tool is something many employees already use, it doesn’t seem suspicious. [Read more…]
Researchers have uncovered a batch of malicious packages in the NPM repo that quietly racked up over 6,000 downloads before anyone noticed. These weren’t your typical cryptominers or info-stealers. They were designed to crash systems, wipe files, and corrupt data—sometimes all at once.