Week in Review: Multiple companies impacted by the Salesloft Drift breach; Sitecore faces a 0-day vulnerability, highlighting the importance of improved SEO practices.

Last week, several companies, including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud, confirmed that their Salesforce instances were accessed due to a breach at Salesloft, attributed to a group known as UNC6395. Additionally, a zero-day vulnerability (CVE-2025-53690) in Sitecore solutions has been exploited by attackers, who leveraged an exposed ASP.NET machine key to breach on-premises deployments. A researcher at Nullcon Berlin disclosed a macOS vulnerability (CVE-2025-24204) that allows attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. Meanwhile, a new research project called NetMoniAI from Texas Tech University aims to enhance network monitoring and security through AI-driven analysis and distributed monitoring.

In other news, LinkedIn has introduced new verification rules to confirm the identities of users and companies, requiring workplace verification for leadership and recruiter roles to combat fake accounts and scams. Cloudflare also confirmed that it was affected by the Salesloft Drift breach, with attackers obtaining 104 Cloudflare API tokens. Google has addressed over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which were reportedly under targeted exploitation. Furthermore, JFrog AI architect Shaked Zychlinski revealed that AI agents could be manipulated into executing malicious actions through hidden web pages. Lastly, a critical vulnerability (CVE-2025-42957) in SAP S/4HANA has been identified, posing significant risks to enterprise resource planning systems.

Categories: Cybersecurity Breaches, Vulnerabilities and Exploits, AI in Security 

Tags: Zscaler, Palo Alto Networks, Salesloft, Vulnerability, Cybersecurity, AI Agents, Data Breach, LinkedIn, Android, SAP S/4HANA 
