1.5 Billion Salesforce Records at Risk at Scattered Lapsus$ Hunters Dark Web Site

 

A new wave of extortion attacks is targeting Salesforce environments across major companies — and the scale is massive. A group calling itself the Scattered Lapsus$ Hunters, reportedly linked to ShinyHunters, Lapsus$, and Scattered Spider, claims to have stolen 1.5 billion Salesforce records. The stolen data allegedly includes personal info, shipping details, and even chat transcripts from integrations with the Salesloft Drift chatbot. The attackers have already listed 39 major brands — including Disney, Cisco, McDonald’s, IKEA, and FedEx — on a dark web data leak site, demanding ransom not just from victims but from Salesforce itself. If payments aren’t made, they threaten to leak the data publicly after October 10. While Salesforce maintains that its platform wasn’t directly breached, the incident highlights a growing truth: third-party integrations are now one of the biggest attack vectors in modern supply chains. Stay alert. Audit your integrations. Trust, but verify. https://plixer.zoom.us/webinar/register/WN_vdUGj1AwSdyPMcUSyiWS_Q#/registration

Cisco Confirms Multiple Zero-Days Under Active Attack — Millions of Devices at Risk

 

Probably the biggest cybersecurity news this week: Cisco has confirmed multiple critical zero-day vulnerabilities across its platforms — and attackers are already exploiting them. What’s happening: * Over 2 million Cisco devices potentially exposed. * SNMP stack overflow: crash devices or run code as root with low-privileged credentials. * Critical Web Services flaw (CVSS 9+): remote unauthenticated code execution on Cisco Secure Firewalls and low-privileged attacks on IOS devices when VPN or TTP services are enabled. * CISA Emergency Directive: federal agencies must patch or disconnect Cisco devices within 24 hours — everyone else should act now. * No workarounds: upgrade immediately and restrict SNMP/Web Services to trusted hosts until patched. Why it matters: These vulnerabilities are being actively exploited right now — not theoretical. They can lead to total device compromise of routers, switches, ASA, and Firepower Systems worldwide. Take Action: Patch, limit exposure, and monitor your logs, metrics, and traces — the hallmarks of observability. I’m Peter with Plixer — Like and Subscribe to stay ahead of the latest cyber threats. https://www.darkreading.com/vulnerabilities-threats/cisco-actively-exploited-zero-day-bugs-firewalls-ios https://arstechnica.com/security/2025/09/as-many-as-2-million-cisco-devices-affected-by-actively-exploited-0-day/

Scattered Spider Hacker Busted by Food Orders & Gaming Accounts

 

Saturday Security usually focuses on doom and gloom — breaches, leaks, and ransomware. But this week’s story is almost cinematic. The Scattered Spider hacking crew allegedly extorted $115 million from more than 200 victims — even breaching the U.S. Federal Court network — only to get caught through food deliveries, crypto wallets, and gaming accounts. According to the Justice Department, 19-year-old Thalha Jubair and his team used help desk calls to hijack admin accounts, steal sensitive data, and lock down entire organizations. Some victims reportedly paid $25 million and $36 million ransoms to regain access. Investigators traced the group’s activity through cryptocurrency wallets, Uber Eats, and Steam gaming profiles, seizing $36 million in crypto and charging Jubair with over 100 counts of computer intrusion. He now faces up to 95 years in prison. It’s a wild reminder of how quickly social-engineering hacks can blow up — and how quickly they can unravel. Hit like and subscribe for more Saturday Security stories that go behind the headlines.

Vidar Infostealer Strikes Back — Inside the Updated Malware-as-a-Service Threat

 

The infamous Vidar infostealer is back — and it’s stealthier than ever. First spotted in 2018, Vidar has evolved into a powerful malware-as-a-service platform capable of stealing credentials, cookies, financial data, authentication tokens, and more from compromised systems. Aryaka’s latest research on Vidar’s newest campaign explains: • Encrypted command-and-control (C2) channels • Abuse of built-in Windows tools and PowerShell • Covert exfiltration and bypass of Windows Defender and AMSI • Randomized directories, filenames, and hidden scheduled tasks • Hooks into browser APIs to snatch passwords before encryption They also cover actionable defenses to protect yourself and your organization: user education, PowerShell hardening, anomaly detection, layered DNS filtering, secure email/web gateways, and EDR tools. Vidar isn’t going away — but with the right visibility, layered defenses, and Plixer One you can stay one step ahead. https://www.darkreading.com/endpoint-security/vidar-infostealer-back-with-vengeance https://siliconangle.com/2025/09/04/vidar-infostealer-gains-traction-among-cybercriminals-ease-use-drives-adoption/

Salesforce OAuth Breach Exposes Hundreds of Companies | Why Network Visibility Matters

 

Between August 8–18, attackers weaponized stolen OAuth tokens to silently access Salesforce instances across hundreds of companies, including industry leaders like Palo Alto Networks and Google. This wasn’t brute force. 🔒 It blended into normal traffic 🛑 Bypassed logs, SIEM rules, and firewalls 📉 Result: customer data stolen, trust broken, supply chains disrupted The wake-up call? Blind trust in third-party integrations leaves you exposed. That’s why deep, continuous network visibility is no longer optional. With an Observability and Defense Platform like Plixer One, organizations can: * Analyze real-time + historical flow data * Detect anomalies like unusual Salesforce exports * Spot credential misuse from odd locations * Trace hidden lateral movement—even if logs are erased The Salesloft Drift breach proves it: reactive defenses aren’t enough. You need clarity, context, and confidence to stay ahead. What’s your take—are companies over-trusting third-party integrations? Comment below! Like | Subscribe | Stay Informed #Salesforce #Cybersecurity #PlixerOne #DataBreach #SupplyChainSecurity

AI-Powered Cybercrime Is Here: Massive Breaches & Dark Web Dumps

 

Cyber threats are escalating fast—and now AI is making them faster, smarter, and more dangerous than ever. As August 2025 wraps up, here’s what you need to know: ✅ Anthropic reports that cybercriminals are using Claude AI to automate data extortion campaigns, targeting at least 17 organizations. AI is no longer just advising on attacks—it’s executing them. ✅ AI-generated malware is lowering the barrier to entry, enabling criminals with minimal skills to run sophisticated operations. ✅ AI is now embedded in every stage of fraud—from profiling victims and analyzing stolen data to creating fake identities and scaling scams. Meanwhile, the real-world fallout continues: Farmers Insurance: Over 1 million policyholders exposed in a third-party vendor breach (names, addresses, birthdates, driver’s license numbers). https://mashable.com/article/farmers-insurance-data-breach-disclosure-what-states-affected PayPal: 16 million logins surfaced on the dark web for $2 (email + plaintext passwords). PayPal denies a new breach, suggesting old credentials—but credential stuffing risk is massive. https://www.techradar.com/pro/massive-data-breach-sees-16-million-paypal-accounts-leaked-online-heres-what-we-know-and-how-to-stay-safe TransUnion: A Salesforce-linked breach exposed data of 4.4 million consumers, including Social Security Numbers, tied to Shiny Hunters. https://www.techradar.com/pro/security/transunion-data-breach-may-have-affected-4-4-million-users-heres-what-we-know-and-how-to-stay-safe The threat landscape is worse than ever. Stay informed. Deploy advanced detection and countermeasures like Plixer One—and stay ahead by any means possible. For a deeper dive, check out Anthropic’s Threat Intelligence Report—it’s eye-opening. https://www.anthropic.com/news/detecting-countering-misuse-aug-2025 👍 Like, Subscribe & Share to stay ahead of cyber threats. #CyberSecurity #AI #DataBreach #ThreatIntelligence #InfoSec #DarkWeb #CyberCrime #Ransomware

QR Codes Are Being Weaponized! Beware of New ‘Quishing’ Attacks

QR Code scams have leveled up! Cybercriminals are now using Quishing (QR code phishing) to trick you into giving up your credentials.

Barracuda Threat Researchers have discovered a new wave of phishing attacks called Quishing, where cybercriminals use QR codes to steal credentials. Why is this so dangerous? ✅ QR codes look harmless and can’t be read by humans ✅ They bypass traditional email filters ✅ Users scan them on mobile devices, outside company security controls Now attackers are deploying Split QR Codes (one code split into two images) and Nested QR Codes (a malicious QR hidden inside a legitimate one) to evade detection. What can you do? ✔ Security awareness training ✔ Enable Multi-Factor Authentication ✔ Deploy AI-powered email protection that can identify these advanced QR-based threats, decode links, sandbox malicious URLs, and detect anomalies in real time. https://blog.barracuda.com/2025/08/20/threat-spotlight-split-nested-qr-codes-quishing-attacks Quishing is evolving—your defenses need to evolve too. Plixer can help.