
npm (Shai-Hulud) Supply Chain Attack

What is the Attack? On November 24, 2025, Shai Hulud launches a second supply-chain attack, compromising Zapier, ENS, AsyncAPI, PostHog, and Postman, along with over 25,000 affected repositories across ~350 unique users. Shai Hulud 2.0 Strikes Again: Malware Supply-Chain Attack Hits Zapier & ENS...

The Salesforce-Gainsight Security Incident: What You Need to Know

On November 23, 2025, Gainsight confirmed that it’s actively investigating unusual activity involving its applications that are integrated with Salesforce—an incident that underscores the growing risk of supply-chain compromise through trusted SaaS integrations. What happened: The security event came to light on November 19, when Salesforce detected suspicious API calls. The calls originated from non-allowlisted IP addresses through...

Integrating Threat Intelligence and Vulnerability Management: A Modern Approach

Key Takeaways: Traditional vulnerability management (VM) overwhelms teams with undifferentiated findings; integrating threat intelligence adds real-world context so you can fix what’s actually being targeted first. Threat intelligence-enriched, risk-based prioritization reduces MTTR, aligns with business risk, and moves programs from reactive to proactive. A modern approach uses automated risk scoring, dashboards, and workflow integrations to operationalize intelligence...

Behind the Bargains: Why Phishing Peaks on Black Friday

Black Friday has evolved into one of the most active shopping periods of the year. No longer is it just one day of shopping after Thanksgiving; the sales have now turned into a full week of high-volume promotions, beginning before Thanksgiving and stretching through Black Friday and Cyber Monday, with many retailers extending deals even longer. Unsurprisingly, this surge...

The Shai-Hulud 2.0 npm worm: analysis, and what you need to know

Learn more about the Shai-Hulud 2.0 npm worm.

Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities

Over a dozen exploits were used to target IoT devices.

Choosing a Digital Risk Intelligence Platform: 5 Key Capabilities to Evaluate

Key Takeaways: The traditional “digital perimeter” paradigm for enterprise cybersecurity is no longer relevant in today’s online landscape. Instead of defending one’s internal network from the outside world, organizations must shift to a model of digital risk that takes into account every possible point of compromise. Given the continuous influx of alerts and data facing organizations today,...

New “Generation Y” Hierarchy of Root and Intermediate Certificates

In a ceremony held in September, Let’s Encrypt generated two new Root Certification Authorities (CAs) and six new Intermediate CAs, which we’re collectively calling the “Generation Y” hierarchy. Now we’re moving to begin issuing certificates from this new hierarchy, and to submit it to various root programs for inclusion in their trust stores. The two new roots look very similar...

The Future of Humanoid Robotics

Summary: Advances in large-language models (LLMs) and the anticipated arrival of artificial general intelligence (AGI) are rapidly closing the gap between concept and capability. The prospect of humanoid robots functioning autonomously in workplaces and public spaces is moving from speculative to attainable. Global population decline is accelerating the demand for humanoid robots designed to operate within human environments...

Threat Intelligence Automation

Key Takeaways: Real-time intelligence at scale: Threat intelligence automation accelerates detection and response by processing vast threat data instantly, far faster than any manual analysis could achieve. Enhanced SOC efficiency: Automation filters false positives and handles repetitive tasks so analysts focus on true threats. Recorded Future advantage: Recorded Future’s Intelligence Cloud delivers automated threat protection through real-time...

Latest article

GreatXML zero-day BitLocker bypass doesn’t seem to work, yet

A disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit...

New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight

A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact.

Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks

One of the most persistent hacking groups in the world has found a new way to stay hidden. The threat actor known as...

Ransomware Payment Crypto Laundering Platform Taken Out by FBI and Europol

Domain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and others