
Cybersecurity Awareness Month Spotlight:
Lessons Learned from the FEMA/CBP Breach TraitWare: Phishing-Resistant, Passwordless MFA for Government Systems October is Cybersecurity Awareness Month, a time to reflect on recent breaches and the lessons they teach us. Just this June, FEMA and CBP suffered a major compromise when attackers exploited stolen login credentials to access FEMA’s Citrix Virtual Desktop Infrastructure. The […]

FBI Issues Salesforce Data Breach Alert: Protect Against OAuth Attacks
How Modern Cyber Attacks Exploit OAuth, APIs, and Human Error (and What Companies Can Do About It). On September 12, 2025, the FBI issued FLASH-20250912-001, calling urgent attention to a wave of data theft and extortion attacks targeting Salesforce environments. Two major cybercriminal groups – UNC6040 and UNC6395 – are leading the charge. They employ […]

Downgrade Attacks: When Even Strong Authentication Can Be Tricked
FIDO-based passkeys (like hardware keys, biometrics, or “passwordless” logins) are considered one of the best ways to protect accounts from phishing and takeover threats. They’re strong because they don’t rely on passwords or codes that can be easily stolen. But researchers at Proofpoint have found a new trick called a “downgrade attack.” Here’s how it […]