Weekly Cybersecurity Recap: WhatsApp Zero-Day, Chrome Exploit, AI-Powered Ransomware & More
The cybersecurity landscape continues to evolve at an alarming pace. This week brought a mix of zero-day vulnerabilities, AI-driven attacks, and data breaches impacting millions worldwide. Here’s a breakdown of the biggest stories security leaders need to know.

WhatsApp Flaw Exposes Accounts to Takeover Risks
A newly discovered zero-day in WhatsApp could allow attackers to hijack accounts simply by sending a malicious video file. Once the file is played, the attacker gains full control over the app, including chats and personal data. Users should update their apps immediately to stay protected.

Chrome Under Siege: Critical Zero-Day Exploit
Google rushed an emergency update after researchers identified a severe vulnerability in Chrome’s V8 engine. The flaw is already being exploited in the wild, making immediate patching essential for both personal and enterprise environments.

AI-Powered Ransomware: A New Era of Threats
Cybercriminals are now weaponising artificial intelligence to make ransomware smarter and more adaptive. These AI-driven strains personalise phishing attacks, evade defences, and even adjust payloads in real time. This signals a paradigm shift in how quickly ransomware can spread and how difficult it is to stop.

Other Key Cybersecurity Incidents This Week

Expanding Threat Landscape: Malware, Supply Chain & State-Sponsored Attacks

Critical Vulnerabilities to Watch
∙ Chrome Proof-of-Concept Exploit Released: Raising risk of mass exploitation.
∙ Zip Slip Vulnerability: Malicious ZIP files may overwrite critical files when extracted.
∙ FreePBX Zero-Day: Exploited to create unauthorised admin accounts.
∙ Cisco Nexus Switch Flaw: Remote code execution vulnerability threatens enterprise infrastructure.
∙ ICS Vulnerabilities: Twelve new advisories highlight risks in industrial control systems.

AI-Centered Attacks

Major Data Breaches This Week

Why This Matters for Security Leaders
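The Zip Slip item in the list above is the one entry with a concrete, checkable failure mode, so here is an added example (not code from the original recap) showing how a defender can screen archive members for path traversal before extracting them. The archive and its member names are constructed inline for the demonstration.

```python
import io
import os
import tempfile
import zipfile
from typing import List, Tuple

def is_unsafe_member(name: str, dest_dir: str) -> bool:
    """True if extracting this member name would land outside dest_dir."""
    # Absolute paths and Windows drive letters never belong in an archive
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        return True
    dest_root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_root, name))
    # The resolved target must be dest_root itself or a path below it
    return os.path.commonpath([dest_root, target]) != dest_root

def find_zip_slip_entries(zip_bytes: bytes, dest_dir: str) -> List[str]:
    """Return the member names that would escape dest_dir if extracted."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if is_unsafe_member(n, dest_dir)]

def safe_extract(zip_bytes: bytes, dest_dir: str) -> List[str]:
    """Extract only members that stay inside dest_dir; return what was written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Reject traversal entries explicitly instead of relying on the extractor
            if is_unsafe_member(info.filename, dest_dir):
                continue
            zf.extract(info, dest_dir)
            written.append(info.filename)
    return written

def build_sample_archive() -> bytes:
    """Constructed sample archive: one benign file and one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/readme.txt", "benign content")
        zf.writestr("../../escaped.txt", "would land outside the target dir")
    return buf.getvalue()

def demo(zip_bytes: bytes) -> Tuple[List[str], List[str]]:
    """Screen and extract into a throwaway directory; returns (flagged, written)."""
    with tempfile.TemporaryDirectory() as d:
        return find_zip_slip_entries(zip_bytes, d), safe_extract(zip_bytes, d)

if __name__ == "__main__":
    flagged, written = demo(build_sample_archive())
    print("flagged:", flagged, "written:", written)
```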
Even Cybersecurity Giants Aren’t Immune: Zscaler Confirms Data Breach
When a global cybersecurity leader experiences a breach, it sends a loud and clear message: no organisation is untouchable in today’s digital landscape. Recently, Zscaler confirmed it was impacted by a supply-chain cyberattack. The breach originated from a third-party sales engagement platform integrated with Salesforce. This gave attackers unauthorised access to Salesforce data—without even needing to bypass multi-factor authentication.

What Was Affected?
The good news? Attachments, files, and Zscaler’s core security infrastructure remained untouched. Their products and services were not compromised.

Why This Matters:
This breach highlights a truth many leaders overlook: your security is only as strong as your weakest third-party integration. In this case, the entry point wasn’t Zscaler’s fortress—it was a connected app.

Key Takeaways for Business Leaders:

The Bigger Lesson:
Even the best in cybersecurity can face breaches. What separates strong organisations from the rest is how quickly they respond, how well they contain the damage, and how transparently they communicate with their customers. This incident is not just a warning—it’s a playbook for resilience.

What’s your take? Do you think companies are doing enough to secure their third-party integrations, or is this the next big cybersecurity blind spot?
Governing AI Agents in the Enterprise: Building Trust, Compliance, and Value
Introduction
AI agents are no longer a futuristic concept. From autonomous chatbots to workflow assistants, they are becoming an integral part of how enterprises operate. But with great autonomy comes great responsibility. Without strong governance, AI agents can misinterpret data, expose sensitive information, or introduce bias into critical decisions. This is why governing AI agents is not just a compliance requirement—it’s a business enabler. Done right, governance builds trust, strengthens compliance, and accelerates innovation.

Why AI Agent Governance Matters
AI agents act like digital employees: they access systems, process sensitive data, and make decisions at scale. Unlike humans, they operate 24/7, without fatigue, and often with greater access privileges. Without oversight, the risks multiply: Recent surveys show that 80% of enterprises using AI agents have experienced unintended behaviors, from privacy violations to security gaps. Governance is how we stay ahead of these risks.

Technical Governance: Monitoring the Machines
Case in Point: Thomson Reuters built a governance platform that continuously monitors every model for drift and bias, ensuring lawyers and businesses receive fair, reliable insights.

Organizational & Policy Governance: Embedding Responsibility
Case in Point: Salesforce established an Office of Ethical & Humane Use with policies around accuracy, transparency, and bias, embedding trust in their AI products.

Case Studies: Lessons from the Field

Best Practices for Enterprises

Conclusion
AI governance isn’t a burden—it’s a competitive advantage. Enterprises that invest in governing AI agents build stronger trust, reduce risks, and extract more business value. The message is clear: treat AI agents as responsible digital citizens of the enterprise. With thoughtful governance, they can drive innovation, efficiency, and growth—without compromising ethics, security, or compliance.
How Deepfakes and AI Phishing Will Trick Millions in 2025—and What You Can Do About It
Artificial intelligence is rapidly changing the cybercrime landscape in 2025. Deepfake scams—where AI tools manipulate video, audio, or images to impersonate real people—have exploded worldwide, with attacks costing organisations and individuals billions in losses every year.

What’s Happening Now?

How Do AI Scammers Operate?

How to Spot and Stop AI Scams

Real-World Defensive Actions

Final Takeaway
AI-driven fraud is now the most urgent cybersecurity challenge. By understanding how these scams work and practising everyday caution—verifying unexpected communications and securing accounts—everyone can significantly lower the risk.
When Cybersecurity Becomes a Power Play: Hackers Threaten Google with Data Leak Unless Two Employees Are Fired
In a dramatic escalation of cyber threats, a hacker group identifying itself as “Scattered LapSus Hunters” has delivered a chilling ultimatum to Google: fire two of its top threat intelligence professionals—or face a significant data leak. While the hackers have not provided any evidence of a breach, the very nature of the demand marks a dangerous evolution in cybercrime. It’s no longer just about stealing data—it’s about influencing corporate decisions.

The Attackers: A Dangerous Alliance
The name “Scattered LapSus Hunters” appears to be a mash-up of some of the most notorious hacking groups in recent memory—Scattered Spider, Lapsus$, and ShinyHunters. Each has made headlines for data breaches, social engineering attacks, and cyber-extortion targeting some of the world’s largest companies. This latest move suggests a shift in tactics. The goal isn’t just disruption—it’s coercion.

A Salesforce Breach in the Background
Although Google has denied any breach of its core systems, the backdrop to this threat appears to involve a third-party incident. Hackers reportedly accessed data through Salesforce, which Google uses for managing client relationships. The compromised data includes business contact information—enough to power large-scale phishing and social engineering campaigns. In response, Google urged users to reset passwords and enable two-factor authentication, though the company emphasized that sensitive data like Gmail login credentials were not compromised.

What Makes This Incident Different?
Here’s why this case is raising eyebrows across the tech and security communities:

What It Means for Business Leaders and Security Teams

Final Thoughts
This is a clear signal that cybercriminals are evolving—not just in their tools, but in their tactics. As influence becomes the new weapon, organizations must adopt a holistic, proactive approach to cybersecurity.

What’s your take on this shift in the threat landscape? Are we prepared for a future where cyberattacks come with personnel ultimatums? Let’s talk about it.
When Even Cybersecurity Giants Get Breached: Tenable Confirms Supply-Chain Attack
In today’s interconnected world, no organisation is truly isolated from cyber threats. This week, Tenable, one of the most trusted names in vulnerability management, confirmed that it had been impacted by a supply-chain attack targeting Salesforce integrations. While the breach was contained quickly and did not affect Tenable’s core products, it shines a spotlight on a growing blind spot: third-party risk.

What Happened
Between August 8 and August 18, attackers exploited a compromised third-party integration between Salesforce and Salesloft Drift. Using stolen OAuth tokens, they accessed parts of Tenable’s Salesforce environment. The information exposed was limited but sensitive in context: Crucially, Tenable confirmed that its core infrastructure, products, and customer environments remain unaffected.

Tenable’s Response
Tenable’s security team moved swiftly: So far, there is no evidence that the stolen data has been misused.

Why This Matters
This incident is not about one company—it’s about an industry-wide reality. Even the best-resourced security providers can be breached not through their own defences, but through the weak points in their digital supply chains. Four lessons stand out:

The Bigger Picture
The Tenable breach is part of a larger campaign impacting multiple enterprises across industries. It underscores a hard truth: your security is only as strong as your weakest integration. In a landscape where supply chains are deeply interconnected, organisations must expand their cybersecurity lens beyond the perimeter and secure the entire ecosystem of tools, partners, and platforms they depend on. Cybersecurity resilience isn’t about preventing every attack—it’s about detecting, containing, and communicating quickly when incidents occur. Tenable’s response shows that while breaches may be inevitable, trust can still be preserved through speed and transparency.

💬 What’s your perspective? Are organizations giving enough strategic attention to supply-chain risks, or is this still the biggest blind spot in enterprise cybersecurity?
HackerOne Confirms Data Breach: Salesforce Records Accessed via Third-Party Compromise
On August 22, 2025, HackerOne—one of the world’s most trusted bug bounty and vulnerability disclosure platforms—was alerted to suspicious activity within its Salesforce environment. The root cause was quickly traced back to a compromise of Drift, a third-party application owned by Salesloft, which had been integrated with Salesforce. By August 23, Salesloft confirmed the incident, and HackerOne’s security team immediately launched its incident response protocols, prioritising containment, investigation, and transparency.

What Was Impacted

What Was Not Impacted

Why This Matters
This breach is part of a wider supply-chain attack targeting SaaS integrations. It highlights a critical reality:

Key Takeaways for Organisations

From Wiseman Cybersec
Fortinet FortiDDoS-F OS command-injection (CVE-2024-45325) and what organisations must do now
Executive summary (TL;DR)
A command-injection vulnerability has been disclosed in Fortinet’s FortiDDoS-F appliances. It is tracked as CVE-2024-45325 and affects certain 7.0.x releases of FortiDDoS-F; Fortinet has published PSIRT guidance and patched builds. The flaw allows a privileged attacker with CLI access to run unauthorised OS commands on the device, potentially enabling configuration tampering, service disruption, or defeat of DDoS protections. A public proof-of-concept exists, so organisations should treat this as an active risk and act quickly: verify exposure, apply vendor fixes, and harden management/CLI access.

What the vulnerability is (technical summary)

Affected versions & vendor guidance (what Fortinet says)
Fortinet’s PSIRT lists the affected releases and the versions containing fixes — e.g., certain 7.0.0–7.0.2 builds are impacted and should be upgraded to patched 7.0.3+ versions (7.2 series reported as not affected in the advisory). Customers should follow the FortiGuard/PSIRT advisory and upgrade to the vendor-recommended releases.

Why this matters (operational impact)
Because FortiDDoS devices sit in the traffic path to protect availability, compromise of one can have outsized effects:

Current threat environment
Public write-ups and vulnerability trackers report that a PoC is available in the public domain — this increases the urgency because risk of weaponisation and opportunistic scans rises rapidly. Assume attackers will attempt credential stuffing, brute force, or supply-chain approaches to gain the required privileged access.

Detection & forensics — what to look for (practical signals)
Key places to check immediately:

Immediate action plan (0–72 hours)

Medium & long-term recommendations (post-patch)
(For Fortinet-specific hardening steps, see Fortinet’s system hardening guidance.)

If you cannot patch immediately, temporary controls

Incident response checklist (if compromise suspected)

Communications — short template for stakeholders
We have identified that Fortinet FortiDDoS-F appliances are affected by a known OS command injection vulnerability (CVE-2024-45325). We have initiated an immediate mitigation and incident-hunting process: management plane access is being restricted, affected devices are being assessed for the vendor-recommended patch, and logs have been preserved for forensic review. We will notify if evidence of compromise is found and provide next steps for impacted services.

Wiseman CyberSec — how we can help
From a practical, hands-on perspective, Wiseman can: If you want, we’ll produce a prioritised remediation roadmap for your environment (no audit required, we’ll use the telemetry you already have).

Final notes & cautions
Windows BitLocker Vulnerabilities Could Allow Privilege Escalation
On September 9, 2025, Microsoft disclosed two new vulnerabilities in Windows BitLocker, its widely used full-disk encryption technology. Both flaws have been classified as “Important” and pose a serious risk if left unpatched.

Key Details

Why This Matters
BitLocker is designed to protect sensitive data at rest, especially in enterprise and government environments. But these flaws highlight a key risk: if an attacker gains initial access, they could potentially bypass critical security boundaries. In today’s landscape, even “less likely” vulnerabilities deserve attention—because sophisticated adversaries are increasingly chaining bugs together to achieve privilege escalation.

What Security Teams Should Do
∙ Stay vigilant – Monitor for abnormal privilege escalation attempts in your environment.
∙ Patch immediately – Ensure all systems are updated with the latest September 2025 security patches.
∙ Audit privileged access – Limit who can log in locally and enforce least-privilege principles.
∙ Layer defences – BitLocker is strong, but it cannot compensate for weak endpoint hygiene or unpatched systems.
Elastic Security Incident Triggered by Salesloft Drift Breach
September 2025 – Elastic confirmed that it was affected by a third-party security incident originating from a breach in the Salesloft Drift platform. Although Elastic’s core Salesforce systems remained secure, the event underscores the risk of interconnected SaaS tools and the importance of proactive incident response.

Incident Summary

Why This Matters

Key Takeaways for Security Teams
∙ Embed proactive incident response. Don’t wait for notification—kick off investigations at the first sign of upstream compromise.
∙ Monitor all integrations. Even non-critical interfaces like email connectors should be reviewed regularly for exposure risks.
∙ Enable rapid containment. Ensure you can disable third-party integrations quickly if compromise is suspected.
∙ Audit incoming communications. Be wary of emails arriving through integrated tools—especially ones carrying credentials or access details.
∙ Reassure stakeholders clearly. After assessment, communicate what was (and wasn’t) affected to maintain trust.
