IT Security Newsletter - 9/2/25
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft. READ MORE...
Tesla denied having fatal crash data until a hacker found it
At the beginning of the month, Tesla was found partly liable in a wrongful death lawsuit involving the death of a pedestrian in Florida in 2019. The automaker-which could have settled the case for far less-claimed that it did not have the fatal crash's data. That's until a hacker was able to recover it from the crashed car, according to a report in The Washington Post. READ MORE...
Amazon disrupts Russian APT29 hackers targeting Microsoft 365
Researchers have disrupted an operation attributed to the Russian state-sponsored threat group Midnight Blizzard, which sought access to Microsoft 365 accounts and data. Also known as APT29, the hacker group compromised websites in a watering hole campaign to redirect selected targets "to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft's device code authentication flow." READ MORE...
Cybersecurity signals: Connecting controls and incident outcomes
There is constant pressure on security leaders to decide which controls deserve the most attention and budget. A new study offers evidence on which measures are most closely linked to lower breach risk and how organizations should think about deploying them. Marsh McLennan's Cyber Risk Intelligence Center (CRIC) analyzed thousands of organizations' responses to its Cyber Self-Assessment and compared them with claims data. READ MORE...
Complexity and AI put identity protection to the test
Identity has become a core pillar of cybersecurity strategy. Remote work, cloud-first adoption, and distributed supply chains have moved identity from "a tactical IT consideration to a strategic pillar of cybersecurity," according to Cisco Duo's 2025 State of Identity Security report. The study is based on a survey of 650 IT and security leaders across North America and Europe. READ MORE...
WhatsApp fixes vulnerability used in zero-click attacks
WhatsApp says it has issued an update to patch a vulnerability that has been used in conjunction with an Apple vulnerability to target specific users and compromise their devices. Reportedly, attackers used this exploit against dozens of WhatsApp users, and WhatsApp has notified those affected. WhatsApp advised the affected users to perform a full factory reset of their phone in order to make sure they are rid of the malware. READ MORE...
- ...in 1752, Great Britain adopts the Gregorian calendar.
- ...in 1929, film director Hal Ashby ("Harold and Maude", "Being There") is born in Ogden, UT.
- ...in 1945, Japan formally surrenders to the Allied powers, with Foreign Minister Mamoru Shigemitsu signing the agreement aboard the battleship USS Missouri in Tokyo Bay.
- ...in 1963, the CBS Evening News becomes US network television's first half-hour weeknight news broadcast.