A recent advisory from Google and Mandiant has uncovered a significant data breach involving Salesforce, where the threat actor UNC6395 deployed stolen OAuth tokens to bypass Multi-Factor Authentication (MFA). Organizations are urged to take steps to protect non-human identities to prevent similar breaches. According to the advisory from the Google…
June 28, 2025
Cybercrime / Vulnerability
The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…
FBI Issues Alert on Scattered Spider’s Growing Attacks Against Airlines Through Social Engineering On June 28, 2025, the Federal Bureau of Investigation (FBI) issued a warning regarding the cybercrime group known as Scattered Spider, which has notably expanded its attack vector to include the aviation sector. In light of this…
June 28, 2025
Cybercrime / Vulnerability
The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…
In a significant security incident, Google has acknowledged that one of its internal databases was compromised by the notorious cybercriminal group known as ShinyHunters (also identified as UNC6040). The Google Threat Intelligence Group (GTIC) reported that the unauthorized access to its Salesforce database occurred in June and involved the exposure…
Late last week, FlexMLS and Matrix, two of the nation’s largest multiple listing services (MLS), fell victim to data breaches that have raised significant concerns among their members. The breaches reportedly compromised member login credentials, leading to a wave of phishing attempts. In response, both organizations advised all members to…
Recent months have seen a significant surge in cyberattacks targeting well-known retailers, including Marks & Spencer, Harrods, and Victoria’s Secret. This alarming trend has prompted industry experts to advocate for heightened investments in cybersecurity and digital resilience among retail brands. The vast online presence of these companies, coupled with the…
Recent developments in cybersecurity have once again put the spotlight on data privacy laws in Australia, particularly following a significant cyber attack targeting Qantas Airways. Legal representatives from Maurice Blackburn have filed a formal complaint with the Office of the Australian Information Commissioner (OAIC), advocating for millions of customers affected…
Overview In a troubling cybersecurity development, luxury fashion powerhouse Louis Vuitton has confirmed that a data breach occurred on July 2, impacting customers in the United Kingdom. This incident marks the third significant attack against its parent company, LVMH, within a span of just three months. The breach exposed sensitive…
Qantas Cyberattack Exposes Sensitive Data of Millions, Underlining Third-Party Risks Qantas, the national airline of Australia, has reported a significant cyberattack that has compromised the personal information of approximately 5.7 million customers. This breach, which targeted a third-party call center platform, raises pressing concerns about cybersecurity across the aviation industry…
The recent data breach involving Qantas Airways has reignited concerns over the safety of personal information shared online, particularly in the current climate of escalating cyber threats. As one of Australia’s leading airlines, Qantas now finds itself among a growing list of major companies that have fallen victim to cybercriminal…
