Diogo Santos Coelho (aka “Omnipotent” of RaidForums) was arrested in January 2022 in the U.K. when he traveled there to visit his mother. For the past 3+ years, he has been in limbo while both the U.S. and Portugal seek his extradition. It has not been a straightforward matter legally. Far from it, actually. The…
Category: Commentaries and Analyses
English Court of Appeal Rules on Compensation for Data Breaches
There’s an update to Farley v Equiniti. Ann Bevitt and Morgan McCormack of Cooley write: The English Court of Appeal has handed down an important judgment in Farley v. Paymaster (Equiniti) [1] on when compensation may be claimed for nonmaterial damage (such as distress or anxiety) arising out of breaches of the General Data Protection Regulation (GDPR) and the…
Salesloft+Drift Update on Investigation Results
There’s an update to the Salesloft+Drift portal with results from the Mandiant Drift and Salesloft application investigations: Mandiant’s investigation has determined the threat actor took the following actions: In March through June 2025, the threat actor accessed the Salesloft GitHub account. With this access, the threat actor was able to download content from multiple repositories,…
CISA orders federal agencies to patch Sitecore zero-day following hacking reports
Jonathan Greig reports: Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug. Sitecore published a bulletin on Wednesday about CVE-2025-53690, which affects several of the company’s products. A key issue with the bug is the use of…
Idaho man who threatened his hacking victims appeals his sentence in Georgia
Back in 2016-2018 when threat actors known as thedarkoverlord (“TDO”) were hacking entities and attempting to extort their victims by sending them emails with details about their family members and threats of what would happen if the victims didn’t pay up, a man in Meridian Idaho who called himself “Lifelock” or “Studmaster” was doing the…
Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler, and Others
Jeffrey Burt reports: The ever-widening series of supply chain attacks on Salesforce instances linked to Salesloft’ Drift app has claimed a number of new victims in recent days, including Cloudflare, Palto Alto Networks, and Zscaler. Cybersecurity firms SpyCloud and PagerDuty also said they were hit by the UNC6395 threat group that exploited a vulnerability in…