
Month: August 2025

Inside the Salesloft Drift OAuth Breach: How OAuth Tokens Fueled a Salesforce Data Theft Campaign—and How to Respond

A coordinated data theft campaign leveraged compromised OAuth access and refresh tokens tied to the Salesloft Drift integration to pull large datasets from many organizations’ Salesforce instances. Google’s Threat Intelligence Group (GTIG) attributes the activity to UNC6395 and observed systematic SOQL querying focused on harvesting credentials and secrets from CRM records. The activity window runs from at least August 8 to August 18, 2025;

CISA ICS Advisories (August 28, 2025): Nine Vendor Vulnerabilities, CVEs, and Fixes

On August 28, 2025, CISA published nine advisories covering Mitsubishi Electric, Schneider Electric, Delta Electronics, GE Vernova, and Hitachi Energy. Several issues are remotely exploitable with low attack complexity; patches exist for many products, while some Mitsubishi Electric PLC weaknesses require compensating controls only. No known public exploitation is reported as of August 28, 2025 [1]. (cisa.gov) Overview: These ICS advisories span PLCs, HMI/SCADA

AI-Powered Ransomware: Inside the First Reported Case, Tactics, and How to Defend

AI-powered ransomware has moved from hypothetical to here-and-now. Public reporting by ESET and other industry outlets describes the first known case of ransomware produced with the help of a large language model (LLM), demonstrating that generative AI can compress development time and lower the skill threshold for cybercrime. While the sample analyzed was not unprecedented in capability, its existence is a watershed for defenders:

CISA AA25-239A: Countering Chinese State-Sponsored Actors Compromising Network Devices Worldwide

Chinese state-sponsored cyber actors are conducting long-running intrusion campaigns against telecoms and other critical networks by exploiting known vulnerabilities in edge and core network devices. As of August 28, 2025, CISA’s joint advisory AA25-239A reports widespread targeting of backbone, provider edge (PE), and customer edge (CE) routers, with persistence achieved via configuration tampering, tunneling, and credential collection; patches and detailed mitigations are available, and CISA has published STIX IOCs to aid hunting.