company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO

Application Security Engineer

DevsecOps Engineer

IT Manager

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Toyota

Ransomware Attack

loading..
loading..
loading..

Toyota's production operation crippled by a ransomware attack appearing as system failure

Toyota shut down operations of 28 production lines in 14 plants after discovering a system failure which appears to be a ransomware attack...

01-Mar-2022
2 min read

No content available.

Related Articles

loading..

DDoS Attack

Cloudflare auto-mitigated a record 11.5 Tbps UDP flood from Google Cloud in 35s ...

Cloudflare says it has automatically blocked the largest volumetric DDoS attack ever observed, a **UDP flood that spiked to 11.5 terabits per second** and **lasted \~35 seconds**. The company added that the traffic **mostly originated from Google Cloud** and arrived amid **“hundreds” of hyper-volumetric attacks** seen in recent weeks. *(Note: despite the article slug reading “115,” the reported peak is **11.5** Tbps.)* ## Why this is historic At **11.5 Tbps**, the new peak surpasses Cloudflare’s **7.3 Tbps** record disclosed in June 2025 and the **3.8 Tbps** bar set in October 2024. Microsoft previously reported a **3.47 Tbps** mitigation in 2022. The fresh milestone shows attack capacity is still climbing, fast. ## Anatomy of the blast * **Vector:** **UDP flood** (bandwidth-saturating, connectionless packets). * **Burstiness:** **\~35s** duration, consistent with recent short, high-intensity “hyper-volumetric” surges. * **Scale:** Cloudflare noted **peaks of 5.1 Bpps** (billions of packets per second) alongside **11.5 Tbps** during the recent wave. * **Source profile:** “Mainly” from **Google Cloud**—typical of today’s DDoS where abused cloud instances can marshal enormous, transient firepower. ## How Cloudflare absorbed it—at wire speed Cloudflare’s mitigation is **autonomous and distributed**. Each edge server runs the in-house **`dosd`** (denial-of-service daemon) for instant detection and filtering, complemented by **`flowtrackd`** for stateful protection of complex flows. Decisions happen at the edge without centralized consensus, cutting reaction times to seconds. The scale rides on a **405 Tbps Anycast network** designed to soak bandwidth floods before they localize impact. ## The broader trend: hyper-volumetric is the new normal Cloudflare’s recent threat reports chart an aggressive rise in volumetric events. In **Q2 2025**, it recorded **the then-largest 7.3 Tbps** and **4.8 Bpps** attacks while blocking **6,500+ hyper-volumetric** events that quarter. Earlier, Cloudflare tallied **21.3 million** DDoS mitigations across **2024** and **20.5 million** in **Q1 2025** alone, including **6.6 million** strikes directly against its own backbone in an **18-day** multi-vector campaign. The new 11.5 Tbps spike extends that arc. ## How it compares—recent records at a glance * **Sep 2025:** **11.5 Tbps** UDP flood, mostly from Google Cloud; \~35s. * **May/Jun 2025:** **7.3 Tbps** attack on a hosting provider; \~45s; largely UDP; “carpet-bombing” across many ports. * **Oct 2024:** **3.8 Tbps / \~65s** hyper-volumetric L3/4 campaign. * **Jan 2022:** **3.47 Tbps** on an Azure customer (Microsoft). ## What this means for defenders (actionable takeaways) 1. **Assume bursts, not sieges.** Modern floods compress devastating throughput into sub-minute windows; tune detection & alerting for **seconds-level** granularity. 2. **Push filtering to the edge.** On-prem scrubbing alone can be too late. Prefer **always-on, autonomous mitigation** with global Anycast capacity. 3. **Harden UDP exposure.** Inventory UDP services, restrict to business-critical ports, and apply **stateless filters / rate limits** close to ingress. 4. **Spoofing resistance upstream.** Work with ISPs and cloud partners on **ingress filtering** and abuse handling to blunt reflection/amplification potential. *(Industry best practice; aligns with provider guidance.)* 5. **Exercise runbooks for 30–60s shocks.** Simulate hyper-volumetric bursts to validate telemetry, auto-mitigation, and comms in the first minute. ## Open questions we’re watching * **Victim & motive:** The target of the 11.5 Tbps surge wasn’t named; attribution and motive remain unconfirmed. * **Abuse pathways in cloud:** How attackers marshalled such momentary scale from Google Cloud—and what countermeasures follow—will shape future resilience. ## Bottom line The 11.5 Tbps peak is a **step-change, not a blip**. Short, furious floods launched from powerful cloud footprints are redefining DDoS economics. Cloudflare’s autonomous edge and massive Anycast backbone proved decisive this time; everyone else should calibrate defenses to **match the new tempo**.

loading..   02-Sep-2025
loading..   4 min read
loading..

Supply Chain Attack

Zscaler warns of support-case and contact data exposure after Salesloft Drift br...

Zscaler has disclosed a data breach affecting its Salesforce environment after attackers exploited the compromise of Salesloft’s Drift platform, a third-party tool widely connected to customer relationship management (CRM) systems. Contact information from some customers and text from select support cases were exposed, though the company stressed that its products or infrastructure were not impacted. ## Breach Origin The incident stems from a campaign in which attackers stole OAuth and refresh tokens tied to Drift integrations. Those stolen tokens allowed unauthorized access into Salesforce environments, where large-scale queries were executed against CRM objects such as Accounts, Users, Opportunities, and Cases. Google Threat Intelligence attributes the operation to an actor it tracks as **UNC6395**, with activity observed between August 8 and August 18, 2025. ## Data Exposure According to Zscaler, the breach revealed customer names, business emails, job titles, phone numbers, geographic details, commercial data, licensing records, and text from a subset of support cases. File attachments were not included in the exposure. The company has clarified that the affected data was limited strictly to Salesforce and did not touch any of its cloud products. ## Company Response Following detection, Zscaler revoked Drift integrations, rotated API tokens, initiated a joint investigation with Salesforce, and introduced stricter authentication checks for customer support. The firm confirmed that no misuse of the accessed data has been observed so far. ## Expanded Threat Google has since reported that the Drift compromise extended beyond Salesforce, impacting **Drift Email** users as well. Stolen tokens were used to access some Google Workspace accounts that had integrated Drift services. Both Google and Salesforce disabled Drift integrations while security reviews progressed. Google has advised all organizations with Drift connections to rotate credentials immediately. ## Attack Attribution The wider campaign resembles Salesforce data-theft incidents carried out earlier this year by groups including **ShinyHunters**, which targeted enterprises such as Cisco and Workday. These intrusions often begin with vishing calls that trick employees into approving malicious OAuth apps, enabling large-scale data exfiltration without malware. Whether UNC6395 is directly linked to ShinyHunters remains unconfirmed, but the operational overlap is notable. ## Customer Guidance Zscaler is urging customers to be alert for phishing attempts, verify any unexpected requests for information, and rely exclusively on official support channels. Security teams are encouraged to review integration inventories, revoke Drift tokens, check Salesforce logs for suspicious queries, and rotate any credentials referenced in exposed support cases. The breach illustrates how quickly trust in SaaS ecosystems can be weaponized. While Zscaler has reassured customers that its services remain unaffected, the incident underlines the risks posed by third-party integrations. With attackers exploiting OAuth trust relationships instead of deploying malware, enterprises must adopt tighter monitoring of API connections and apply stricter lifecycle management for tokens.

loading..   01-Sep-2025
loading..   3 min read
loading..

CreditUnion

TransUnion hack exposed 4.4M users’ SSNs & personal data. Learn what happened, w...

In late July 2025, TransUnion, one of the "Big Three" U.S. credit bureaus, disclosed a significant cyber incident impacting **4.4 million individuals**. While the company insists that its core credit database remained untouched, the breach nevertheless exposed **personally identifiable information (PII)** — including **names, Social Security numbers, dates of birth, and contact details**. This event adds another chapter to the growing pattern of large-scale identity-driven cyberattacks exploiting **third-party applications** and **cloud ecosystems**. ## Anatomy of the Breach ### Timeline of Events * **July 28, 2025**: Unauthorized access detected in a third-party application supporting TransUnion’s U.S. consumer services. * **Within hours**: TransUnion claims the intrusion was “contained.” * **July 30, 2025**: Internal forensics and law enforcement were engaged. * **August 28, 2025**: Public disclosure revealed the scale — **4.4 million impacted individuals**. The breach was not directly within TransUnion’s credit systems, but rather within an **externally hosted application**, aligning with a recent wave of **Salesforce-related breaches** seen across enterprises such as **Google, Allianz Life, Cisco, and Workday**. ## What Hackers Accessed ### Exposed Data * Full Names * Dates of Birth * Social Security Numbers * Residential Addresses * Contact Information (email, phone numbers) This type of PII is highly valuable for **identity theft, account takeover, and social engineering campaigns**. ### Not Compromised * Credit histories * Core credit bureau databases * Financial account data While the exclusion of credit files offers some relief, the **leakage of foundational identity markers (SSNs, DOBs, addresses)** is still devastating, as these cannot be easily changed or reset. ## Who’s Behind the Attack? Evidence links the breach to **campaigns exploiting OAuth misconfigurations** in Salesforce-related environments. Security analysts attribute several of these attacks to the group **UNC6395**, while other sources suggest possible ties to **ShinyHunters**, a notorious hacking collective specializing in mass data theft and resale on dark web marketplaces. The technical vector appears to involve: 1. **Compromised OAuth tokens** used by legitimate third-party applications. 2. Unauthorized lateral access to sensitive consumer data hosted externally. 3. Rapid data exfiltration before containment measures triggered. This reflects a growing **supply-chain attack paradigm**, where **trusted SaaS tools become the weak link** in otherwise secure organizations. ## Why This Matters ### For Consumers * **4.4 million individuals** face heightened risks of identity fraud. * Fraudulent tax filings, false loan applications, and SIM-swap attacks are realistic downstream threats. * Even outside the U.S., leaked data may fuel **phishing attacks** worldwide. ### For Enterprises * Highlights the **perils of third-party dependency**. * Regulatory compliance pressure increases, especially under **U.S. state breach laws** and emerging **global data sovereignty frameworks**. * Reputation damage can undermine consumer trust — especially for a company whose business model rests on safeguarding credit data. ## Regulatory Under data protection laws in **Texas and Maine**, TransUnion filed formal breach notifications. Other states are expected to follow. Impacted consumers are being offered **two years of free credit monitoring and identity theft protection**. However, regulators may scrutinize whether TransUnion: * Conducted sufficient vendor risk assessments. * Had adequate detection controls in its **cloud supply chain**. * Appropriately minimized data exposure within third-party platforms. The breach may further accelerate calls for **federal-level U.S. data privacy laws** — a long-debated gap compared to the **GDPR in Europe**.

loading..   29-Aug-2025
loading..   3 min read
Company Logo
logo

Secure Blink automates the web application and API security for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

LinkedIn Logo
Twitter Logo
Discord Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

contact@secureblink.com

@ Copyright 2025 Secure Blink. All rights reserved.