Salesforce Breach, Oracle Flaw & CISA Alert – 10/03/2025

Today’s threat landscape is dominated by a massive data extortion campaign targeting Salesforce customers, allegedly orchestrated by the Scattered Spider group. This summary details the breach, an active Clop ransomware campaign exploiting Oracle vulnerabilities, and a new CISA alert for an actively exploited flaw. We also cover significant breaches at Discord and Renault, and emerging threats like self-spreading WhatsApp malware.

Top 5 Critical Security Alerts

  • Hacking group claims theft of 1 billion records from Salesforce customer databases: The Scattered Spider (aka ShinyHunters) group claims a massive data theft from Salesforce customers like FedEx and TransUnion, launching a new leak site for extortion.
  • Oracle links Clop extortion attacks to July 2025 vulnerabilities — Oracle has connected an ongoing extortion campaign by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July.
  • CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild — CISA has added a high-severity command injection vulnerability in Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, indicating active attacks.
  • Japanese beer giant Asahi confirms ransomware attack — Asahi has confirmed that a ransomware attack was the cause of recent IT disruptions that forced it to shut down its factories.
  • Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL — A new self-propagating malware targeting Brazilian users is spreading rapidly via WhatsApp to infect Windows systems, engineered for speed and propagation.

Threat Intelligence

  • Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads: The Rhadamanthys info-stealer has been updated to support device fingerprint collection and can now hide malicious payloads within PNG image files.
  • New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT: A threat actor linked to the YoroTrooper hacking group is targeting the Russian public sector with malware families including FoalShell and StallionRAT.

Security Breaches & Incidents

  • Renault and Dacia UK warn of data breach impacting customers — The car manufacturer has notified UK customers that their sensitive information was compromised following a data breach at a third-party provider.
  • Discord customer service data breach leaks user info and scanned photo IDs — A third-party customer service provider for Discord was breached, leading to the exposure of user data, including names, emails, and a small number of government IDs.

Security Tools & Best Practices

  • Gmail business users can now send encrypted emails to anyone — Google has enabled Gmail enterprise users to send end-to-end encrypted emails to individuals using any email service or platform.
  • Presenting AI to the Board as a CISO? Here’s a Template. — A new template is available to help CISOs clearly communicate GenAI adoption strategies, associated risks, and governance controls to company leadership.

Emerging Security Technologies

  • CometJacking attack tricks Comet browser into stealing emails: A new attack called ‘CometJacking’ exploits URL parameters in Perplexity’s Comet AI browser to execute hidden instructions and access sensitive data from connected services.
  • Signal adds new cryptographic defense against quantum attacks: The secure messaging app has implemented a new cryptographic component, Sparse Post-Quantum Ratchet (SPQR), to defend against future threats from quantum computing.
