In this week’s Security Advisory
- Salesloft Drift OAuth Vulnerability Leads to Data Exfiltration Attacks
- Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers
- Android September Patch Release
- WhatsApp Zero-Day Exploited in Attacks Targeting iOS Devices
Salesloft Drift OAuth Vulnerability Leads to Data Exfiltration Attacks
Salesloft Drift is a third-party AI chatbot tool used by organizations to convert interactions into Salesforce leads. On August 20th, Salesloft stated that they had found a vulnerability within the Drift application. This vulnerability allows malicious actors to steal OAuth tokens and export large amounts of data from the affected organizations’ Salesforce platform. There has been a wave of these attacks recently, which have been claimed by a group known as “Shiny Hunters.” Based on the steps seen in recent attacks, one of the attackers’ goals is believed to be searching for AWS access keys, other tokens, VPN login information, and generic keywords like “password.”
Recommendations
- Revoke and rotate authentication keys, credentials, and secrets.
- Review all Drift integrations.
- Search the connected systems for signs of compromise.
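A triage sketch for the recommendations above, added here as an example and not taken from Salesloft, Salesforce or CyberMaxx: it scans the text fields of exported Salesforce records for the secret types the attackers are reported to look for, so that matching credentials can be rotated first. The record layout, field names and regular expressions are assumptions, and the sample rows are constructed.

```python
import re

# Secret types the advisory says the attackers look for. The regexes are
# assumptions chosen for illustration, not published indicators.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "password": re.compile(r"(?i)\b(?:password|passwd|pwd)\b\s*(?:is\s+|[:=]\s*)(\S+)"),
    "token": re.compile(r"(?i)\b(?:token|api[_-]?key|secret)\b\s*[:=]\s*(\S+)"),
    "vpn_mention": re.compile(r"(?i)\bvpn\b"),
}

def redact(value):
    """Keep a short prefix so owners can identify the secret without re-leaking it."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "****"

def scan_records(records, text_fields=("Subject", "Description")):
    """Return one finding per (record, field, secret type) hit, values redacted."""
    findings = []
    for rec in records:
        for field in text_fields:
            text = rec.get(field) or ""
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(text):
                    # Use the captured value when the pattern has a group.
                    value = m.group(1) if rx.groups else m.group(0)
                    findings.append({"id": rec["Id"], "field": field,
                                     "type": kind, "match": redact(value)})
    return findings

def rotation_worklist(findings):
    """Group credential findings by record so each owner gets one rotation list."""
    work = {}
    for f in findings:
        if f["type"] != "vpn_mention":  # a mention is context, not a credential
            work.setdefault(f["id"], set()).add(f["type"])
    return {rid: sorted(kinds) for rid, kinds in work.items()}

# Constructed sample rows shaped like exported support-case records.
SAMPLE = [
    {"Id": "500-CONSTRUCTED-1", "Subject": "S3 upload failing",
     "Description": "Using key AKIAIOSFODNN7EXAMPLE from the deploy box."},
    {"Id": "500-CONSTRUCTED-2", "Subject": "VPN access for contractor",
     "Description": "Login is jdoe, password: Summer2025! please enable."},
    {"Id": "500-CONSTRUCTED-3", "Subject": "Billing question",
     "Description": "Invoice total looks wrong for August."},
]

if __name__ == "__main__":
    print(rotation_worklist(scan_records(SAMPLE)))
```

Findings carry only a redacted prefix, so the report itself does not become another copy of the secrets.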
More Reading / Information
- https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/
- https://trust.salesloft.com/?uid=Drift%2FSalesforce+Security+Notification
Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers
Sangoma has released patches for a recently exploited vulnerability that affects FreePBX servers with the administrator control panel accessible from the internet. The vulnerability, tracked as CVE-2025-57819 (CVSS 10/10), is described as insufficient sanitization of user-supplied data. Successful exploitation of this vulnerability can allow an attacker to access the FreePBX administrator panel, enabling database manipulation and remote code execution.
Affected Versions
- FreePBX versions 15, 16, and 17.
Recommendations
- Restrict public access to the admin console.
- Please apply the latest patches found here.
More Reading / Information
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
- https://www.securityweek.com/sangoma-patches-critical-zero-day-exploited-to-hack-freepbx-servers/
Android September Patch Release
Android published its September Security Bulletin, which addressed 120 vulnerabilities, two of which have been exploited in the wild. The exploited vulnerabilities are tracked as CVE-2025-38352 (CVSS 7.4/10) and CVE-2025-48543. Google has stated that both vulnerabilities could lead to privilege escalation and that user interaction is not required for exploitation.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://thehackernews.com/2025/09/android-security-alert-google-patches.html
- https://source.android.com/docs/security/bulletin/2025-09-01
WhatsApp Zero-Day Exploited in Attacks Targeting iOS Devices
WhatsApp has disclosed a zero-day vulnerability that was actively exploited in targeted attacks against Apple device users. Tracked as CVE-2025-55177 (CVSS 5.4/10), the flaw stems from insufficient authorization checks during the synchronization of messages between linked devices. According to WhatsApp’s advisory, attackers could exploit this weakness to force the app to process content from unauthorized URLs on the victim’s device.
Affected Versions
- WhatsApp for iOS prior to v2.25.21.73
- WhatsApp Business for iOS prior to v2.25.21.78
- WhatsApp for Mac prior to v2.25.21.78
Recommendations
- Update to WhatsApp for iOS version 2.25.21.73.
- Update to WhatsApp Business for iOS version 2.25.21.78.
- Update to WhatsApp for Mac version 2.25.21.78.
More Reading / Information
- https://www.securityweek.com/whatsapp-zero-day-exploited-in-attacks-targeting-apple-users/
- https://www.whatsapp.com/security/advisories/2025?lang=en_US
- https://www.cve.org/CVERecord?id=CVE-2025-55177
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is a security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.