👋 Hello and good morning!
Welcome to the CyberSignal Weekend Roundup. Each Monday, we’ll get you caught up on what happened over the weekend so you can start the week informed.
🗂️ Overview: Quick Guide
Insider threats now outpace external attacks (OPSWAT / Ponemon)
Salesforce targeted — FBI warns UNC6040 & UNC6395 abusing OAuth tokens & connected apps (The Hacker News)
Chrome & other CVEs disclosed — critical patches needed ASAP
AI complicates file security — generative models exploited in insider incidents (Continuity Insights)
Quick tip: Audit OAuth and third-party integrations today
🔝 Top Stories
1. Insider Threats Outshine External Risks
The latest State of File Security report from OPSWAT (via Ponemon Institute) finds that 61% of organizations experienced file-related breaches by insiders in the past two years, with an average cost of US$2.7 million per incident.
Nearly 45% of surveyed IT/security professionals now consider insider data leaks their top concern — outranking external hacking threats.
Many firms still struggle to detect unauthorized file access within a week.
👉 What to do: Deploy or improve Data Loss Prevention (DLP) tools; tighten controls on file sharing and third-party transfers.
2. Salesforce Platforms Under Fire
The FBI has issued an alert: cybercriminal groups UNC6040 and UNC6395 are actively targeting Salesforce environments. Their tactics include vishing, abuse of OAuth tokens, and using malicious “connected apps.”
A high-profile case involved a chatbot integration exploited through a compromised GitHub repository.
👉 What to do: Audit connected apps and OAuth token permissions; enforce MFA and least privilege policies; monitor vendor access.
⚠️ Threat Watch
Chrome Zero-Days Fixed → Google patched CVE-2025-10200 & CVE-2025-10201, both RCE risks. Update Chrome immediately.
New CVEs Publicly Disclosed → Issues include SQL injection in a student grading system, WiFi device buffer overflow, and SSRF exploits. Proof-of-concepts are already circulating.
📊 Quick Hits
Only 40% of organizations can detect file-based threats within a week; the rest are slow or blind.
Legacy file security tools are failing — firms are shifting to platforms offering multiscanning, CDR, adaptive sandboxing.
Social engineering (phishing + vishing) is increasingly the path of least resistance into SaaS ecosystems.
📝 Looking Ahead
Expect further alerts and patches around Salesforce & SaaS integrations.
AI-assisted phishing kits are gaining traction — watch for new research drops.
Patch cycles from Microsoft, Google, and SAP may reveal new “exploited in the wild” vulnerabilities.
🚀 Pro Tip of the Week
Immediately review your organization’s connected apps and permissions in Salesforce (and other SaaS tools). Remove unused integrations and rotate OAuth tokens — attackers are counting on you to forget them.
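One way to triage such a review, as an added example that is not from the reports cited above or from Salesforce: the script reads an inventory of connected-app tokens and flags apps missing from an allowlist, over-broad scopes, and tokens that are stale or never used. The CSV columns, the allowlist, the 90-day threshold and the sample rows are all constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export; column names are hypothetical, not a real report layout.
SAMPLE_EXPORT = """app_name,user,scopes,last_used
Data Loader,alice@example.com,api refresh_token,2025-09-10
Old Chatbot Connector,svc-bot@example.com,full refresh_token,2025-01-15
My Ticket Portal,bob@example.com,full,2025-09-12
Marketing Sync,carol@example.com,api,
"""

# Assumed allowlist of integrations the organization has approved.
APPROVED_APPS = {"Data Loader", "Old Chatbot Connector", "Marketing Sync"}
# Scopes treated as over-privileged in this example.
BROAD_SCOPES = {"full"}


def audit_tokens(export_text, now, stale_days=90):
    """Return {(app, user): [findings]} for every token that needs action."""
    cutoff = now - timedelta(days=stale_days)
    results = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        findings = []
        if row["app_name"] not in APPROVED_APPS:
            findings.append("unapproved-app")   # investigate, then remove
        if BROAD_SCOPES & set(row["scopes"].split()):
            findings.append("broad-scope")      # reduce to least privilege
        last_used = row["last_used"].strip()
        if not last_used:
            findings.append("never-used")       # revoke
        else:
            used = datetime.strptime(last_used, "%Y-%m-%d").replace(tzinfo=timezone.utc)
            if used < cutoff:
                findings.append("stale")        # revoke or rotate
        if findings:
            results[(row["app_name"], row["user"])] = findings
    return results


if __name__ == "__main__":
    now = datetime(2025, 9, 15, tzinfo=timezone.utc)
    for (app, user), findings in audit_tokens(SAMPLE_EXPORT, now).items():
        print(f"{app:22} {user:22} {', '.join(findings)}")
```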
🔒 Conclusion
This weekend’s developments highlight how quickly the threat landscape is shifting — from insider risks and Salesforce exploitation to critical browser patches. The common thread? Attackers are targeting the overlooked: forgotten tokens, unmonitored file access, and lagging updates.
👉 Stay vigilant, patch promptly, and audit what’s easy to forget. Small gaps can create big openings.
Till next Monday,