When Even Cybersecurity Giants Get Breached: Tenable Confirms Supply-Chain Attack
In today’s interconnected world, no organisation is truly isolated from cyber threats. This week, Tenable, one of the most trusted names in vulnerability management, confirmed that it had been impacted by a supply-chain attack targeting Salesforce integrations. While the breach was contained quickly and did not affect Tenable’s core products, it shines a spotlight on a growing blind spot: third-party risk. What Happened Between August 8 and August 18, attackers exploited a compromised third-party integration between Salesforce and Salesloft Drift. Using stolen OAuth tokens, they accessed parts of Tenable’s Salesforce environment. The information exposed was limited but sensitive in context: Crucially, Tenable confirmed that its core infrastructure, products, and customer environments remain unaffected. Tenable’s Response Tenable’s security team moved swiftly: So far, there is no evidence that the stolen data has been misused. Why This Matters This incident is not about one company—it’s about an industry-wide reality. Even the best-resourced security providers can be breached not through their own defences, but through the weak points in their digital supply chains. Four lessons stand out: The Bigger Picture The Tenable breach is part of a larger campaign impacting multiple enterprises across industries. It underscores a hard truth: your security is only as strong as your weakest integration. In a landscape where supply chains are deeply interconnected, organisations must expand their cybersecurity lens beyond the perimeter and secure the entire ecosystem of tools, partners, and platforms they depend on. Cybersecurity resilience isn’t about preventing every attack—it’s about detecting, containing, and communicating quickly when incidents occur. Tenable’s response shows that while breaches may be inevitable, trust can still be preserved through speed and transparency. 💬 What’s your perspective? Are organizations giving enough strategic attention to supply-chain risks, or is this still the biggest blind spot in enterprise cybersecurity?
HackerOne Confirms Data Breach: Salesforce Records Accessed via Third-Party Compromise
On August 22, 2025, HackerOne—one of the world’s most trusted bug bounty and vulnerability disclosure platforms—was alerted to suspicious activity within its Salesforce environment. The root cause was quickly traced back to a compromise of Drift, a third-party application owned by Salesloft, which had been integrated with Salesforce. By August 23, Salesloft confirmed the incident, and HackerOne’s security team immediately launched its incident response protocols, prioritising containment, investigation, and transparency. What Was Impacted What Was Not Impacted Why This Matters This breach is part of a wider supply-chain attack targeting SaaS integrations. It highlights a critical reality: Key Takeaways for Organisations From Wiseman Cybersec
Fortinet FortiDDoS-F OS command-injection (CVE-2024-45325) and what organisations must do now
Executive summary (TL;DR) A command-injection vulnerability has been disclosed in Fortinet’s FortiDDoS-F appliances. It is tracked as CVE-2024-45325 and affects certain 7.0.x releases of FortiDDoS-F; Fortinet has published PSIRT guidance and patched builds. The flaw allows a privileged attacker with CLI access to run unauthorised OS commands on the device, potentially enabling configuration tampering, service disruption, or defeat of DDoS protections. A public proof-of-concept exists, so organisations should treat this as an active risk and act quickly: verify exposure, apply vendor fixes, and harden management/CLI access. What the vulnerability is (technical summary) Affected versions & vendor guidance (what Fortinet says) Fortinet’s PSIRT lists the affected releases and the versions containing fixes — e.g., certain 7.0.0–7.0.2 builds are impacted and should be upgraded to patched 7.0.3+ versions (7.2 series reported as not affected in the advisory). Customers should follow the FortiGuard/PSIRT advisory and upgrade to the vendor-recommended releases. Why this matters (operational impact) Because FortiDDoS devices sit in the traffic path to protect availability, compromise of one can have outsized effects: Current threat environment Public write-ups and vulnerability trackers report that a PoC is available in the public domain — this increases the urgency because risk of weaponisation and opportunistic scans rises rapidly. Assume attackers will attempt credential stuffing, brute force, or supply-chain approaches to gain the required privileged access. Detection & forensics — what to look for (practical signals) Key places to check immediately: Immediate action plan (0–72 hours) Medium & long-term recommendations (post-patch) (For Fortinet-specific hardening steps, see Fortinet’s system hardening guidance.) If you cannot patch immediately, temporary controls Incident response checklist (if compromise suspected) Communications — short template for stakeholders We have identified that Fortinet FortiDDoS-F appliances are affected by a known OS command injection vulnerability (CVE-2024-45325). We have initiated an immediate mitigation and incident-hunting process: management plane access is being restricted, affected devices are being assessed for the vendor-recommended patch, and logs have been preserved for forensic review. We will notify if evidence of compromise is found and provide next steps for impacted services. Wiseman CyberSec — how we can help From a practical, hands-on perspective, Wiseman can: If you want, we’ll produce a prioritised remediation roadmap for your environment (no audit required, we’ll use the telemetry you already have). Final notes & cautions
Windows BitLocker Vulnerabilities Could Allow Privilege Escalation
On September 9, 2025, Microsoft disclosed two new vulnerabilities in Windows BitLocker, its widely used full-disk encryption technology. Both flaws have been classified as “Important” and pose a serious risk if left unpatched. Key Details Why This Matters BitLocker is designed to protect sensitive data at rest, especially in enterprise and government environments. But these flaws highlight a key risk: if an attacker gains initial access, they could potentially bypass critical security boundaries. In today’s landscape, even “less likely” vulnerabilities deserve attention—because sophisticated adversaries are increasingly chaining bugs together to achieve privilege escalation. What Security Teams Should Do Stay vigilant – Monitor for abnormal privilege escalation attempts in your environment. Patch immediately – Ensure all systems are updated with the latest September 2025 security patches. Audit privileged access – Limit who can log in locally and enforce least-privilege principles. Layer defences – BitLocker is strong, but it cannot compensate for weak endpoint hygiene or unpatched systems.
Elastic Security Incident Triggered by Salesloft Drift Breach
September 2025 – Elastic confirmed that it was affected by a third-party security incident originating from a breach in the Salesloft Drift platform. Although Elastic’s core Salesforce systems remained secure, the event underscores the risk of interconnected SaaS tools and the importance of proactive incident response. Incident Summary Why This Matters Key Takeaways for Security Teams Embed proactive incident response. Don’t wait for notification—kick off investigations at the first sign of upstream compromise. Monitor all integrations. Even non-critical interfaces like email connectors should be reviewed regularly for exposure risks. Enable rapid containment. Ensure you can disable third-party integrations quickly if compromise is suspected. Audit incoming communications. Be wary of emails arriving through integrated tools—especially ones carrying credentials or access details. Reassure stakeholders clearly. After assessment, communicate what was (and wasn’t) affected to maintain trust.
Russian APT Targets Kazakhstan’s Oil Giant — a wake-up call for critical infrastructure
A targeted phishing campaign hit employees tied to a major Kazakh oil company — using convincing internal lures, ZIP + LNK droppers, PowerShell staging and a 64-bit DLL implant. Whether it was a real intrusion or a simulated exercise, the techniques are real — and your energy/OT estate must be ready. Incident Overview Researchers tracked a spear-phishing campaign (Operation BarrelFire, attributed to a group known as NoisyBear) that targeted employees in the finance department of firms linked to Kazakhstan’s oil & gas sector. Attackers impersonated internal IT or HR teams, sending messages about salary updates or policy changes to create urgency. Attached ZIP files contained a deceptive document, a Windows shortcut (LNK) downloader, and a README note. The chain moved from LNK → obfuscated PowerShell → a 64-bit DLL implant injected into a suspended process. Once loaded, the implant opened a reverse shell for attacker control. Infrastructure was hosted on “bulletproof” providers in Russia, resilient against takedown or law enforcement intervention. Important Context The targeted company later reported that the incident was part of an internal phishing simulation exercise, not a confirmed intrusion into operational systems. Still, the observed techniques mirror those frequently used by advanced persistent threat (APT) actors against energy and critical infrastructure. This means defenders should treat these tactics as credible adversary tradecraft and prepare accordingly. Why This Matters Defensive Focus Areas (practical guidance) 1. User Awareness & Phishing Hygiene Finance, HR, and IT staff must be trained to detect impersonation and social engineering attempts. Even internal-looking requests should be verified. Attackers are no longer relying only on exploits — they weaponize trust. 2. Credential Hygiene & Access Control Enforce strong multi-factor authentication, limit user privileges, and continuously monitor for unusual credential use — especially among high-value departments. Compromised credentials remain the gateway for most APT operations. 3. Segmentation & Isolation Separate sensitive systems, including finance servers, OT environments, and OT-IT bridges. Integration pathways must be tightly controlled. Even if one system is compromised, segmentation limits the blast radius. 4. Threat Intelligence & Monitoring Actively monitor for indicators linked to bulletproof hosting infrastructure. On endpoints, watch for unusual LNK execution, PowerShell activity, or DLL injection behaviors. Early detection directly reduces attacker dwell time. 5. Incident Response Readiness Develop playbooks tailored for APT-style intrusions. Plans should cover compromise triage, forensic capture, internal/external communications, and escalation steps. Unlike typical breaches, APT operations require extended investigation and response cycles. Practical Response Steps Final Thoughts Even though this case may have been a controlled simulation, the techniques observed are actively leveraged by Russian-aligned threat groups and others targeting critical infrastructure. The lesson is clear: resilience requires not just technology, but trained people, hardened processes, and rehearsed response plans.
Chinese APT Deploys Fileless Malware in Military Espionage Campaign
September 2025 – A newly uncovered cyber-espionage campaign reveals just how far nation-state attackers are pushing stealth and persistence. Researchers have attributed the operation to a Chinese advanced persistent threat (APT) group, which has been targeting military organisations in the Asia-Pacific region with a fileless malware toolkit dubbed EggStreme. The Attack in Detail Strategic Implications Defensive Recommendations Incident Response Preparedness – Equip teams to capture volatile memory data and respond quickly to fileless threats, which may leave minimal forensic evidence. Adopt Memory-Level Detection – Invest in endpoint detection and response (EDR) capable of monitoring unusual memory injection and runtime behaviour. Strengthen Segmentation – Limit lateral movement opportunities with strict network segmentation and egress controls. Enforce Least Privilege – Harden accounts and credentials to reduce the ability of malware to escalate privileges or persist. Threat Hunting & Intelligence – Actively hunt for behavioural indicators of EggStreme-like campaigns and share findings across industry channels.
Fake Aadhaar Software Scam Busted in Bareilly — What We Know & What It Means
Bareilly, Uttar Pradesh — In a major crackdown, local law enforcement has exposed an elaborate forgery racket operating under the guise of a public service centre. The gang specialised in creating fake Aadhaar cards, among other government-issued documents, using software, printers, scanners, and foreign domain services. The incident shines a light on how identity fraud is becoming more sophisticated and the urgent need for vigilance. The Scam: How It Worked Law Enforcement Action & Arrests Implications & Risks What Can Be Done: Preventive Measures For citizens, organisations, and policymakers: Local police, cybercrime units, and UIDAI should maintain hotlines or online portals for spoof/fake document complaints. Encourage citizens to report suspicious service centres or mandates.
Cyber Shadows: Pakistani Hackers Renew Targeted Attacks on Indian Government Entities
Indian government and defence agencies are once again in the crosshairs of Pakistan-linked threat actors. Security researchers have uncovered a new wave of espionage campaigns designed to infiltrate critical departments, steal credentials, and establish persistent backdoors. How the Campaign Operates Impact & Strategic Context Defence Recommendations AI-Based Social Engineering Attacks What’s Happening? AI tools are helping attackers: Top Risks Hyper-Personalised Phishing Deepfake CEO/Vendor Fraud Automated Reconnaissance Multi-Channel Attacks Credential Harvesting via Chatbots How to Stay Safe Verify out-of-band — Always confirm unusual requests via a separate channel. ✔️ Strong MFA — Use phishing-resistant authentication (not just SMS). ✔️ Finance controls — Require dual approval for transfers & payroll changes. ✔️ Awareness training — Teach teams to spot deepfakes & AI-crafted phishing. ✔️ Limit exposure — Reduce sensitive info shared in public profiles/posts. Key Takeaway AI makes social engineering smarter, faster, and harder to spot. Your best defence: verify, educate, and secure processes.
Major Security Flaw Discovered in LG WebOS Smart TVs — Root Access & Device Takeover Possible
Security researchers have uncovered a critical set of vulnerabilities in LG’s WebOS operating system for smart televisions. These flaws allow attackers on the same local network—or in some cases over exposed ports—to bypass authentication, escalate privileges, and in worst-case scenarios, gain full control of the device. This risks more than just a hacked TV. What the Vulnerabilities Allow Scope of Impact Risk Implications What Users & Owners Should Do Why This Matters Smart TVs are no longer simple appliances but fully networked devices with broad access to personal data and connected services. A vulnerability in such devices doesn’t just compromise entertainment—it can compromise privacy, security, and trust. For manufacturers: this is a reminder that every network-exposed service, even ones meant for convenience, must be hardened and regularly audited.
