Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records; Company Denies Breach

/in /tarafından

A hacker collective calling itself “Scattered LAPSUS$ Hunters” claims to have stolen nearly 1 billion records linked to Salesforce, the global cloud software giant, by targeting companies that use its platform. The group—believed to be behind recent ransomware attacks on major U.K. retailers including Marks & Spencer, Co-op, and Jaguar Land Rover—told Reuters the stolen data contains personally identifiable information (PII).

Salesforce, however, firmly denied that its systems were compromised. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology,” a company spokesperson said.

One hacker, identifying themselves as “Shiny,” told Reuters that the group did not directly hack Salesforce infrastructure but instead exploited its customers through “vishing”—a voice-phishing technique where attackers impersonate employees in calls to IT help desks to gain system access.

The group published a leak site on the dark web on Friday listing around 40 allegedly hacked companies, though it remains unclear how many are Salesforce clients. Both Salesforce and the hackers declined to confirm whether any ransom demands had been made.

In a June report, Google’s Threat Intelligence Group (TAG)—which tracks the hackers as “UNC6040”—said the group had been highly effective at deceiving employees into installing modified versions of Salesforce’s Data Loader, a proprietary tool used to import large volumes of customer data.

Google researchers also noted that the attackers’ infrastructure overlaps with an amorphous cybercriminal network known as “The Com”, a loosely connected ecosystem infamous for social engineering, ransomware, and even violent activity.

The claims come amid an ongoing U.K. police investigation into the earlier wave of cyberattacks that disrupted retail operations nationwide. In July, authorities arrested four individuals under 21 suspected of involvement in the breaches.

While Salesforce’s denial suggests its core systems remain intact, the episode underscores a growing cybersecurity challenge: attackers are increasingly bypassing well-secured platforms by manipulating the humans who use them.

As digital ecosystems become ever more interconnected, the breach—real or exaggerated—illustrates how even the most secure cloud providers can be dragged into the fallout of their customers’ weakest link: trust.

AI Chipmaker Cerebras Withdraws U.S. IPO Filing After $1.1 Billion Fundraising Round

/in /tarafından

Cerebras Systems, the California-based AI chip startup seen as one of the most promising challengers to Nvidia, has withdrawn its planned U.S. initial public offering (IPO), according to a regulatory filing on Friday. The decision takes effect immediately and comes just days after the company closed a massive $1.1 billion funding round.

The move surprised some investors given that U.S. IPO activity has recently rebounded sharply, buoyed by surging enthusiasm for AI-related stocks. Recent debuts, such as Fermi’s data center REIT listing, have drawn strong investor demand, reversing a slump caused by trade-policy and market uncertainty earlier in the year.

Analysts said the withdrawal likely reflects strategic timing rather than weak market sentiment. “Given that Cerebras just very recently completed a sizeable fund raise, it is of no surprise that they are holding off to pursue the IPO at this time,” said Josef Schuster, CEO of IPO research firm IPOX.

Cerebras’ latest financing round—led by Fidelity Management & Research and Atreides Management—valued the company at $8.1 billion and included participation from Tiger Global, Valor Equity Partners, and 1789 Capital, a fund partially linked to Donald Trump Jr.

Despite withdrawing the IPO filing, CEO Andrew Feldman emphasized that the company still intends to go public eventually. “We’re continuing to execute on our roadmap,” he said earlier in the week, noting that Cerebras’ focus remains on scaling production and commercialization of its high-performance AI chips designed to accelerate the training of large models.

The company had initially filed for a Nasdaq listing last year, but the process was delayed by a U.S. national security review of a $335 million investment from G42, an Abu Dhabi-based cloud and AI firm. That review reportedly examined potential concerns about foreign influence and technology transfer.

Industry observers view Cerebras’ decision as a pause, not a retreat. “This is more a company-specific strategic decision and does not tell us anything about the state of U.S. IPO sentiment, which we view as exceptionally strong,” Schuster added.

Founded in Sunnyvale, California, Cerebras Systems specializes in ultra-large AI processors and computing systems, including its flagship Wafer Scale Engine (WSE), a chip designed to massively outperform traditional GPUs in AI workloads. The company has become a key player in the rapidly expanding AI hardware ecosystem—one now defined by fierce competition, colossal valuations, and geopolitical scrutiny.

U.S. Army Memo Flags “Very High Risk” Security Flaws in Anduril–Palantir Battlefield Network

/in /tarafından

The U.S. Army’s next-generation battlefield communications system, developed by Anduril Industries and Palantir Technologies, has been labeled “very high risk” due to critical cybersecurity vulnerabilities, according to an internal Army memo reviewed by Reuters.

The September 5 memo—written by Gabriele Chiulli, the Army’s Chief Technology Officer and authorizing official for the NGC2 (Next Generation Command and Control) prototype—warned that the system’s “current security posture” could allow adversaries to gain “persistent undetectable access” to sensitive battlefield data.

“We cannot control who sees what, we cannot see what users are doing, and we cannot verify that the software itself is secure,” the memo stated, citing fundamental issues in user access controls and data monitoring.

The NGC2 platform, designed to connect soldiers, sensors, vehicles, and commanders through real-time data sharing, is central to the Army’s modernization drive. Developed in partnership with Microsoft and smaller defense contractors, the project aims to replace legacy communication systems with a unified, AI-enhanced digital backbone.

However, the internal review found that the platform allowed all users to access all applications and data, regardless of clearance level or mission relevance, and lacked logging tools to track user activity. One third-party application integrated into the system was found to contain 25 high-severity vulnerabilities, while three others each had more than 200 issues requiring review.

The memo’s findings—first reported by Breaking Defense—have amplified criticism that Silicon Valley’s “move fast and break things” ethos may be ill-suited for military-grade systems requiring airtight security.

Anduril, founded by Palmer Luckey, dismissed the concerns as outdated. “The report reflects an old snapshot, not the current state of the program,” the company said. Palantir responded that “no vulnerabilities were found in the Palantir platform.”

Army Chief Information Officer Leonel Garciga, Chiulli’s supervisor, acknowledged the seriousness of the findings but said most issues were fixed within “weeks or even days.” He added that only one remaining application still required security improvements and that Palantir’s Federal Cloud Service could soon receive “continuous authority to operate”, allowing faster updates.

The NGC2 system was awarded a $100 million prototype contract earlier this year, as part of a broader Pentagon effort to integrate AI, autonomous systems, and real-time battlefield intelligence into defense operations. Palantir also holds a $480 million contract for Project Maven, the Pentagon’s AI surveillance initiative, while Anduril recently secured $159 million to develop advanced mixed-reality and night vision systems.

Despite assurances from developers, the memo raises profound questions about data control, cybersecurity, and insider access—all crucial concerns as the U.S. military increasingly relies on software-driven decision-making in combat.

On Wall Street, the revelations hit Palantir’s stock, which fell 7.5% on Friday. Anduril, still privately held, has said it plans to go public.

The incident exposes the tension at the heart of the Pentagon’s modernization push: how to harness Silicon Valley’s speed and innovation without compromising the security of national defense networks.