Millions of records exposed in Salesforce data leak
Scattered LAPSUS$ Hunters has leaked millions of records allegedly stolen from Salesforce customers after the company refused to pay ransom demands. The extortion group, believed to be linked to Lapsus$, Scattered Spider, and ShinyHunters, claimed it breached 39 Salesforce customers but has so far only published data from six including Albertsons, Engie Resources, Fujifilm, GAP, Qantas, and Vietnam Airlines. Qantas confirmed it’s investigating the leak and that it aligns with a July breach that exposed up to 6 million customer records through a third-party contact center.
Meanwhile, the FBI and French investigators announced the takedown of at least one of the cybercrime forums used in connection with the recent Salesforce breach. But, unfortunately while this may be a win for the good guys, it’s only a small one as the seizure of the site will not have much of an impact on the ongoing Salesforce extortion. That’s mainly because the take down only impacted the breachforums .hn site while the .onion site remains online.
(Security Week), (Infosecurity Magazine)
SimonMed breach grows from hundreds to over a million
More than 1.2 million people have been impacted by a ransomware attack on SimonMed Imaging, one of the largest medical imaging providers in the U.S. The Medusa ransomware group claimed responsibility in February, demanding 1 million USD and alleging it stole over 200 GB of data. Stolen information includes Social Security numbers, financial details, and medical records from systems accessed between January 21 and February 5. SimonMed initially reported only 500 affected individuals but has since confirmed the breach was far more extensive to say the least.
Dutch government freezes Chinese-owned chipmaker
The Dutch government has placed Chinese-owned semiconductor company Nexperia under special administrative measures, citing governance failures that threaten Dutch and European tech security. The intervention allows the government to block or reverse corporate decisions and freezes Nexperia’s global operations for a year, amid concerns the company might transfer sensitive chip technology to its China-based parent, Wingtech. Wingtech condemned the move as politically motivated and excessive, claiming foreign executives colluded with Dutch authorities to alter ownership under the guise of national security.
Huge thanks to our sponsor, Vanta
Is it “Do I have the right controls in place?”
Or “Are my vendors secure?”
….or the really scary one: “how do I get out from under these old tools and manual processes?
Enter Vanta.
Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires.
Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale.
Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready—ALL…THE…TIME.
With Vanta, you get everything you need to move faster, scale confidently—and get back to sleep.
Get started at vanta.com/headlines
Harvard gets schooled by EBS vulnerability
It’s safe to assume Harvard University likes being number one—maybe that’s why the Clop ransomware gang chose the university as the first named organization linked to the Oracle E-Business Suite zero-day attacks. In all seriousness, the university is investigating a potential data breach after the Clop ransomware gang listed the school on its leak site. Harvard said the incident likely affects a small administrative unit and has applied Oracle’s patch, with no evidence of a wider system compromise.
Meanwhile, Oracle released a new emergency patch over the weekend for another E-Business Suite (EBS) vulnerability. The flaw, CVE-2025-61884, affects versions 12.2.3–12.2.14, allows unauthenticated attackers to remotely access sensitive data, and is in the Runtime UI component. It carries a CVSS score of 7.5 and can be exploited over a network without credentials. So, go patch it.
(Bleeping Computer), (Bleeping Computer)
Microsoft 365 outage
Microsoft is investigating an ongoing issue preventing some customers from accessing Microsoft 365 applications. The company is analyzing telemetry and recent service changes to determine the root cause and develop a fix. The outage follows multiple major incidents last week, including MFA-related Teams and Exchange outages and a Europe-wide disruption caused by an Azure Front Door CDN issue. Microsoft has not yet shared which regions are affected, and as of this recording the situation is still developing.
U.S. national security gets a private boost
JPMorgan Chase announced their plans to invest up to $10 billion USD in U.S. companies tied to national security, focusing on critical minerals, defense, energy independence, and strategic technologies like AI, cybersecurity, and quantum computing. This initiative is part of the bank’s $1.5 trillion USD, 10-year Security and Resiliency Initiative aimed at strengthening domestic supply chains and technological capabilities. JP Morgan’s CEO and Chairman said in a release, ‘Our security is predicated on the strength and resiliency of America’s economy. America needs more speed and investment.”