
Category: General

Broad cybersecurity coverage from industry news to platform perspectives—XDR trends, compliance updates, and strategic commentary to help leaders prioritize risk and modernize security operations.

Inside the Salesloft Drift OAuth Breach: How OAuth Tokens Fueled a Salesforce Data Theft Campaign—and How to Respond

A coordinated data theft campaign leveraged compromised OAuth access and refresh tokens tied to the Salesloft Drift integration to pull large datasets from many organizations’ Salesforce instances. Google’s Threat Intelligence Group (GTIG) attributes the activity to UNC6395 and observed systematic SOQL querying focused on harvesting credentials and secrets from CRM records. The activity window runs from at least August 8 to August 18, 2025;

CISA ICS Advisories (August 28, 2025): Nine Vendor Vulnerabilities, CVEs, and Fixes

On August 28, 2025, CISA published nine advisories covering Mitsubishi Electric, Schneider Electric, Delta Electronics, GE Vernova, and Hitachi Energy. Several issues are remotely exploitable with low attack complexity; patches exist for many products, while some Mitsubishi Electric PLC weaknesses require compensating controls only. No known public exploitation is reported as of August 28, 2025 [1]. (cisa.gov) Overview These ICS advisories span PLCs, HMI/SCADA

AI-Powered Ransomware: Inside the First Reported Case, Tactics, and How to Defend

AI-powered ransomware has moved from hypothetical to here-and-now. Public reporting by ESET and other industry outlets describes the first known case of ransomware produced with the help of a large language model (LLM), demonstrating that generative AI can compress development time and lower the skill threshold for cybercrime. While the sample analyzed was not unprecedented in capability, its existence is a watershed for defenders:

CISA AA25-239A: Countering Chinese State-Sponsored Actors Compromising Network Devices Worldwide

Chinese state-sponsored cyber actors are conducting long-running intrusion campaigns against telecoms and other critical networks by exploiting known vulnerabilities in edge and core network devices. As of August 28, 2025, CISA’s joint advisory AA25-239A reports widespread targeting of backbone, provider edge (PE), and customer edge (CE) routers, with persistence achieved via configuration tampering, tunneling, and credential collection; patches and detailed mitigations are available, and CISA has published STIX IOCs to aid hunting.

Supporting the Mental Health of Cybersecurity Professionals

Last week, our founder Patrick Kelley had the privilege of presenting on a topic often overlooked in our industry: the mental health challenges facing cybersecurity professionals. The presentation, now featured by the EMC cooperative group (NRECA), highlighted the relentless stress, burnout, and emotional toll that defending critical infrastructure can bring. We talked about how protecting the grid goes beyond patching vulnerabilities and watching alerts;

FERC’s New Visibility Mandate: What CIP-015-1 Means for Critical Infrastructure

On June 20, 2025, the Federal Energy Regulatory Commission (FERC) finalized a new cybersecurity requirement that could fundamentally change how electric utilities defend their operational technology networks. This new standard—known as CIP-015-1—introduces a mandatory requirement for Internal Network Security Monitoring (INSM). And it’s not a suggestion—it’s a shift in the way we approach security inside critical systems. At Léargas Security, we view this as

Ryan Vargas Podium Finish: Léargas Proud to Support #28 in NASCAR NA Series

The Ryan Vargas podium finish this weekend delivered a clear message. He is fast, focused, and ready to contend. Driving the #28 Dodge Challenger in the NASCAR North America Series, Ryan turned pressure into performance. As an associate sponsor, Léargas Security is proud to stand with him as he builds momentum. A Sudden Pit Road Incident The day began with an unexpected challenge. After

Patrick Kelley of Critical Path Security to Provide Expert Training on Zeek at Co-op Cyber Tech 2025

Léargas Security is excited to announce that Patrick Kelley, our CEO and seasoned cybersecurity expert, will deliver specialized training on leveraging Zeek for advanced cybersecurity monitoring at the upcoming Co-op Cyber Tech conference. The event, a leading technical conference addressing cybersecurity in the cooperative space, is scheduled for June 24 – 26, 2025, in Denver, Colorado. In this highly anticipated session, titled “Zeek: Leveraging ACID and

Speaking at GTBA 2025: Ransomware Threats in Telecom and Broadband

We’re pleased to share that Patrick Kelley, CEO of Critical Path Security and Léargas Security, will be speaking at the 2025 GTBA Annual Meeting of the Membership, hosted by the Georgia Rural Telephone and Broadband Association.
📍 Location: Hammock Beach, Daytona Beach, FL
📅 Dates: June 15–19, 2025
🗣 Topic: Ransomware in Telecom and Broadband: Real-World Impact and Response Strategies
Why This Talk Matters

Speaking at GridSecCon 2025: Mental Health in Cybersecurity and the Maslach Burnout Inventory

We’re proud to announce that Patrick Kelley, CEO of Critical Path Security and Léargas Security, will be speaking once again at GridSecCon 2025. His breakout session, titled “Mental Health in Cybersecurity: Leveraging the Maslach Burnout Inventory,” will take place on October 8, 2025, from 3:00 PM to 4:00 PM PT. Why This Talk Matters Cybersecurity is more than threat detection and response—it’s a high-pressure

Inside the Race: Ryan Vargas Talks CTMP, Team Progress, and the Road Ahead

In our latest interview with Ryan Vargas, we got a firsthand look at what’s fuelling his drive this season—upcoming races, continued team growth, and the strong foundation built through our ongoing partnership with Léargas Security. All Eyes on Chicago and Canada Ryan shared his excitement about the next stops on the schedule: Chicago and Canada. With travel plans in motion and preparations underway, the team is

VMware Cloud Foundation Security Advisory: Multiple High-Severity Vulnerabilities (VMSA-2025-0009)

Critical security vulnerabilities have been discovered in VMware Cloud Foundation, posing significant risks. These include directory traversal (CVE-2025-41229, CVSS 8.2), information disclosure (CVE-2025-41230, CVSS 7.5), and missing authorization (CVE-2025-41231, CVSS 7.3). Immediate patching is strongly recommended as no temporary mitigations are currently available.