Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records; Company Denies Breach

A hacker collective calling itself “Scattered LAPSUS$ Hunters” claims to have stolen nearly 1 billion records linked to Salesforce, the global cloud software giant, by targeting companies that use its platform. The group—believed to be behind recent ransomware attacks on major U.K. retailers including Marks & Spencer, Co-op, and Jaguar Land Rover—told Reuters the stolen data contains personally identifiable information (PII).

Salesforce, however, firmly denied that its systems were compromised. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology,” a company spokesperson said.

One hacker, identifying themselves as “Shiny,” told Reuters that the group did not directly hack Salesforce infrastructure but instead exploited its customers through “vishing”—a voice-phishing technique where attackers impersonate employees in calls to IT help desks to gain system access.

The group published a leak site on the dark web on Friday listing around 40 allegedly hacked companies, though it remains unclear how many are Salesforce clients. Both Salesforce and the hackers declined to confirm whether any ransom demands had been made.

In a June report, Google’s Threat Intelligence Group (TAG)—which tracks the hackers as “UNC6040”—said the group had been highly effective at deceiving employees into installing modified versions of Salesforce’s Data Loader, a proprietary tool used to import large volumes of customer data.

Google researchers also noted that the attackers’ infrastructure overlaps with an amorphous cybercriminal network known as “The Com”, a loosely connected ecosystem infamous for social engineering, ransomware, and even violent activity.

The claims come amid an ongoing U.K. police investigation into the earlier wave of cyberattacks that disrupted retail operations nationwide. In July, authorities arrested four individuals under 21 suspected of involvement in the breaches.

While Salesforce’s denial suggests its core systems remain intact, the episode underscores a growing cybersecurity challenge: attackers are increasingly bypassing well-secured platforms by manipulating the humans who use them.

As digital ecosystems become ever more interconnected, the breach—real or exaggerated—illustrates how even the most secure cloud providers can be dragged into the fallout of their customers’ weakest link: trust.

U.S. Army Memo Flags “Very High Risk” Security Flaws in Anduril–Palantir Battlefield Network

The U.S. Army’s next-generation battlefield communications system, developed by Anduril Industries and Palantir Technologies, has been labeled “very high risk” due to critical cybersecurity vulnerabilities, according to an internal Army memo reviewed by Reuters.

The September 5 memo—written by Gabriele Chiulli, the Army’s Chief Technology Officer and authorizing official for the NGC2 (Next Generation Command and Control) prototype—warned that the system’s “current security posture” could allow adversaries to gain “persistent undetectable access” to sensitive battlefield data.

“We cannot control who sees what, we cannot see what users are doing, and we cannot verify that the software itself is secure,” the memo stated, citing fundamental issues in user access controls and data monitoring.

The NGC2 platform, designed to connect soldiers, sensors, vehicles, and commanders through real-time data sharing, is central to the Army’s modernization drive. Developed in partnership with Microsoft and smaller defense contractors, the project aims to replace legacy communication systems with a unified, AI-enhanced digital backbone.

However, the internal review found that the platform allowed all users to access all applications and data, regardless of clearance level or mission relevance, and lacked logging tools to track user activity. One third-party application integrated into the system was found to contain 25 high-severity vulnerabilities, while three others each had more than 200 issues requiring review.

The memo’s findings—first reported by Breaking Defense—have amplified criticism that Silicon Valley’s “move fast and break things” ethos may be ill-suited for military-grade systems requiring airtight security.

Anduril, founded by Palmer Luckey, dismissed the concerns as outdated. “The report reflects an old snapshot, not the current state of the program,” the company said. Palantir responded that “no vulnerabilities were found in the Palantir platform.”

Army Chief Information Officer Leonel Garciga, Chiulli’s supervisor, acknowledged the seriousness of the findings but said most issues were fixed within “weeks or even days.” He added that only one remaining application still required security improvements and that Palantir’s Federal Cloud Service could soon receive “continuous authority to operate”, allowing faster updates.

The NGC2 system was awarded a $100 million prototype contract earlier this year, as part of a broader Pentagon effort to integrate AI, autonomous systems, and real-time battlefield intelligence into defense operations. Palantir also holds a $480 million contract for Project Maven, the Pentagon’s AI surveillance initiative, while Anduril recently secured $159 million to develop advanced mixed-reality and night vision systems.

Despite assurances from developers, the memo raises profound questions about data control, cybersecurity, and insider access—all crucial concerns as the U.S. military increasingly relies on software-driven decision-making in combat.

On Wall Street, the revelations hit Palantir’s stock, which fell 7.5% on Friday. Anduril, still privately held, has said it plans to go public.

The incident exposes the tension at the heart of the Pentagon’s modernization push: how to harness Silicon Valley’s speed and innovation without compromising the security of national defense networks.

Google warns of high-volume extortion emails targeting executives over alleged Oracle data theft

Google says a wave of extortion emails is hitting corporate executives across multiple companies. The senders claim—without verified proof—to have stolen sensitive data from targets’ Oracle E-Business Suite environments. Google characterizes the campaign as “high volume” but says it lacks sufficient evidence to confirm the hackers’ claims.

The emails purport to come from actors affiliated with the Cl0p ransomware ecosystem. Attribution remains uncertain: some researchers see early indicators of a Cl0p link, while others note extensive overlap and copycat behavior among ransomware groups. Cl0p, in a message to Reuters, declined to provide details.

Oracle did not immediately comment. Meanwhile, Halcyon’s Ransomware Research Center reports observed demands ranging from several million dollars to as high as $50 million.

The campaign underscores a broader trend: threat actors leveraging claims of enterprise application compromise to pressure executives directly—banking on reputational risk and fear of operational disruption even when technical evidence is thin.