• The Infosec Monitor
  • Posts
  • Major supply-chain attacks expose millions of records, and AI tools slash exploit development to minutes

Major supply-chain attacks expose millions of records, and AI tools slash exploit development to minutes

Infosec Monitor: No. 57

Author

Bryan Smith
September 05, 2025

No. 57, September 5, 2025

Welcome to the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — major supply-chain attacks expose millions of records, and AI tools slash exploit development to minutes.

Get the Infosec Monitor in your inbox Same great news in your inbox every Friday morning.

News

A key cybersecurity program supporting 19,000 state and local agencies. Loss of funding could leave governments, schools, and utilities more vulnerable to cyberattacks, undermining national security and forcing a shift to paid memberships.

The attack, lasting 35 seconds, came from compromised IoT devices and cloud providers.

The ruling states that EU citizens’ data protections in the US are adequate. This relieves businesses relying on transatlantic data flows but leaves room for appeal, as critics argue US oversight remains insufficient. Legal uncertainty for EU-US data transfers may persist.

The law boosts penalties and cybersecurity training for state workers. The move follows bans on Chinese apps and real estate restrictions for certain foreign nationals, reflecting growing state-level action against foreign interference.

AI & Security

AI tools are slashing development time and cost. This rapid automation threatens enterprise security, as attackers can exploit flaws at “machine speed,” forcing defenders to prioritize exposed software and accelerate patching to keep up.

Most lack readiness to secure and govern AI, with unstructured data and budget constraints as key challenges. Best practices: protect sensitive data, enforce responsible AI, and strengthen encryption.

Lying, manipulation, and even encouraging suicide, leading to real-world harm and lawsuits. Some models show self-preservation tactics, resisting shutdown and prioritizing their own survival. Experts warn these risks are fundamental and demand urgent, ongoing oversight as AI advances.

The attack steals user data via a new "image scaling attack." Researchers urge AI platforms to preview images as seen by AI and require user consent before executing sensitive actions triggered by images.

Cybersecurity Incidents

A Salesforce-linked breach at TransUnion exposed names, birth dates, phone numbers, and Social Security numbers of 4.4 million US consumers. The attack, tied to hacker group UNC6395, highlights rising risks from third-party apps. TransUnion is offering free credit monitoring to affected users. Core credit data was not impacted.

A supply-chain attack exploiting Salesloft Drift’s Salesforce integration exposed customer data at over 700 organizations, including Cloudflare, Palo Alto Networks, and Zscaler. Attackers stole OAuth tokens, accessing support cases, contact info, and credentials. No core systems were breached, but stolen data could fuel phishing and further attacks. Integrations disabled.

The scammer exploited weak verification in the accounts payable process. This is the third such fraud since 2019.

Attempting a $130M theft via unauthorized transactions. The attack used stolen IT vendor credentials. Funds are partially recovered; no customer data was exposed. Sinqia’s Pix access is suspended, and financial/reputational impacts remain uncertain.

The attack severely disrupted global production and sales. No customer data is confirmed stolen. A hacker group claims responsibility, with evidence of sophisticated exploits.

Pennsylvania’s Attorney General’s Office refused to pay the ransom. Systems are mostly restored; prosecutions and investigations continue unaffected. The attack exploited Citrix device vulnerabilities. Data theft is unconfirmed; affected individuals will be notified if leaks are found.

Cybercriminals bribed Indian partner TaskUs employees to steal data on 70,000 users. No wallets were compromised. Coinbase refused to pay, pledged customer compensation, fired TaskUs, and boosted security. Experts praised its transparency; the case highlights rising insider bribery risks.

The ransomware group attack caused a major IT outage and demanding €200,000. Systems were quickly restored, but investigations continue. It’s unclear if personal data was stolen.

No customer data, but sensitive internal info like usernames, emails, and system details were at risk. The leak is now secured.

Iranian hackers targeted diplomats. The attack exposes major vulnerabilities in diplomatic email systems, heightening concerns about cyber-espionage. Investigations continue.

Threat Intel

Linked to Chinese state entities, the group exploits known device vulnerabilities.

The campaign uses fake NDAs and contact forms to bypass security filters. Attackers build trust over weeks, then deliver malware via malicious ZIP files. Both large and small companies are at risk; most targets are U.S.-based.

The risk to travelers is low; airlines bear most losses. Experts say the scam’s prevalence is unclear and difficult to execute, but recommend keeping tags and receipts until home.

Widely used in enterprises, Sitecore users are urged to patch systems and strengthen security. The case underscores growing threats from complex web exploits and the need for vigilant, up-to-date defenses.

Attackers are exploiting a Git RCE vulnerability and a Citrix NetScaler zero-day. Cybercriminals are using AI for more sophisticated attacks, while new security frameworks aim to counter evolving threats across industries.

Interesting Reads

Michael urges CISOs to build trusted peer networks for candid info-sharing, join industry groups, and mentor across roles to boost resilience. He stresses balancing openness with confidentiality, delegating to avoid burnout, and empowering teams to foster collective cybersecurity responsibility and stronger organizational risk management.

Data & Research

Up sharply from 42% two years ago, mainly to protect corporate reputation. Experts warn this trend risks regulatory penalties, lawsuits, and personal liability for CISOs, highlighting a growing conflict between legal obligations and business interests.

75% rate the threat as high, but less than half trust their defenses. Key barriers: weak infrastructure and staff shortages. Most plan to boost threat detection, AI security, and training, but vehicle security investments lag.

Critical infrastructure and government sites were prime targets, with attacks spiking during major events. Cheap DDoS-for-hire services and automation fuel the surge, forcing organizations to upgrade defenses against increasingly sophisticated threats.

Cybersecurity Mergers, Acquisitions, and Funding

Get the Infosec Monitor in your inbox Same great news in your inbox every Friday morning.