
Cyber Insights series: August 2025 – this month in cybersecurity

By Cybersecurity Insights


In this Cybersecurity Insights blog series, Craig Lusher, Product Principal of Secure Solutions at C8 Secure, explores the latest cybersecurity developments, threat trends and actionable strategies to mitigate emerging risks.

Craig provides an assessment of significant cybersecurity developments in August, highlighting critical incidents such as the ongoing cyber attacks by the threat actor ShinyHunters, the devastating impact of targeted phishing campaigns, the occurrence of cyber threats beyond enterprise boundaries and instances involving repeat cyber attack victims.

ShinyHunters’ sustained attack activity

In the previous Cyber Insights blog, we reported ShinyHunters as being responsible for a series of attacks against a number of global luxury and retail brands. These instances are now understood to be part of a coordinated social engineering campaign targeting Salesforce CRM environments. The tactic: attackers pose as IT support staff and instruct employees to enter a provided code into Salesforce’s “Connect an App / enter code” interface, which grants the attackers access to CRM records via the Salesforce API.

These sophisticated social engineering tactics have resulted in further breaches in August, most notably at Google (August 5) and Workday (August 6) – the latter a leading provider of enterprise cloud applications for finance, HR and workforce management. Google disclosed that the affected data was “basic and largely publicly available business (contact) information,” while Workday reported that only “commonly available business contact information” was exposed. These incidents follow a growing roster of high-profile victims, including Adidas, Allianz, Cisco, Dior, LifePandora, Louis Vuitton, Qantas and Tiffany.

C8 Secure perspective: The human element continues to be the most significant vulnerability in cybersecurity defense. To address this risk, we recommend employee training programs focused on recognizing and responding to phishing tactics, conducting frequent phishing simulations to identify potential weaknesses, deploying advanced mobile endpoint protection, enforcing robust multi-factor authentication (MFA) and maintaining vigilant monitoring of account activities for anomalous or unauthorized behavior.

New York-based luxury property firm defrauded in $19M phishing incident

Milford Entities/Management Company, a prominent NYC firm managing luxury properties, reportedly lost nearly $19 million as a result of a single phishing email received in early July. The phishing message led to the inadvertent transfer of the enormous sum to a fraudulent bank account under the name of Battery Park City Authority. The Department of Homeland Security has since launched a multi-agency investigation into the attack.

C8 Secure perspective: This incident illustrates the effectiveness and potentially catastrophic impact of phishing attacks – with profound financial, operational and reputational consequences. Enterprises and organizations must continue to prioritize the development of a robust ‘human firewall’ by deploying the strategic measures outlined in the ShinyHunters case above.

University breach locks out staff and students

During the weekend of August 9, the University of Western Australia (UWA) – a leading Australian academic institution – experienced a data breach that compromised password credentials for thousands of staff and students. In response, all accounts were immediately locked and passwords reset. The school has reported that there is currently no evidence that additional data was accessed, and academic activities continued as scheduled.

C8 Secure perspective: UWA’s Chief Information Officer, Fiona Bishop, stated that the university is intensifying its cybersecurity posture in the face of escalating sector-wide threats. In addition to these efforts, we recommend that UWA adopt a proactive cybersecurity model, which includes regular vulnerability assessment and penetration testing (VAPT), continuous network monitoring for anomalous behavior and automated incident response to isolate compromised systems and mitigate risks in real time.

French retailer Auchan experiences another data breach

On August 21, French retailer Auchan was subjected to a cyber attack resulting in the exposure of loyalty account information for several hundred thousand customers. While names, email addresses, phone numbers and loyalty card numbers were compromised, sensitive information such as bank details, loyalty card PINs and rewards points remain secure. The company acted swiftly to notify impacted customers. Notably, this is Auchan’s second major breach involving customer loyalty data within a year, with a similar incident in November 2024.

C8 Secure perspective: Auchan has responded with a series of immediate security enhancements, including the expedited rollout of MFA for internal systems, improved network monitoring and mandatory cybersecurity training for all personnel. While these steps are commendable, we also recommend instituting ongoing security audits, thorough internal and external assessments and scheduled pen testing to proactively identify and remediate security gaps. Leveraging a 24/7 Security Operations Center (SOC) with advanced threat detection and SIEM capabilities would also help facilitate early threat identification and comprehensive incident mitigation, helping to prevent future attacks.

Cybersecurity solutions for a safer tomorrow

C8 Secure provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your organization’s digital assets in the face of evolving cyber threats.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.


Cyber Insights series: July 2025 – this month in cybersecurity

By Cybersecurity Insights


In this Cybersecurity Insights blog series, Craig Lusher, Product Principal of Secure Solutions at C8 Secure, explores the latest cybersecurity developments, threat trends and actionable strategies to mitigate emerging risks.

Craig provides an in-depth analysis of key cybersecurity developments in July, covering critical incidents such as a high-impact Microsoft SharePoint vulnerability, an emerging PDF-based QR code phishing campaign, a major ransomware event targeting a leading global technology distributor and a significant data breach involving a prominent luxury retail brand.

Hundreds of organizations impacted by zero-day Microsoft SharePoint vulnerability

On 21 July, it was reported that an unconfirmed threat actor exploited a zero-day vulnerability in Microsoft’s SharePoint collaboration platform, compromising at least 400 organizations – including the National Nuclear Security Administration (NNSA), the US federal agency responsible for the nation’s nuclear stockpile.

The vulnerability, designated CVE-2025-53770, affects self-hosted SharePoint deployments. Successful exploitation enables remote code execution, granting unauthorized access to stored files and potentially to systems across the affected company’s network.

C8 Secure perspective: In this zero-day incident, the vulnerability was actively exploited before Microsoft had the opportunity to release patches. It has since been mitigated with security updates for all affected SharePoint versions, and ongoing, automated patch management remains essential to closing gaps as soon as they are discovered. We also recommend a proactive cybersecurity strategy that includes actively searching for vulnerabilities within your environment, continuously monitoring network activity for anomalies, and leveraging automated response mechanisms to isolate compromised devices, block malicious traffic and implement immediate countermeasures.

PDF-based QR code attacks bypass detection, harvest credentials

Researchers have recently identified a sophisticated wave of QR code phishing attacks, also referred to as “quishing,” in an active campaign known as “Scanception.” This threat leverages carefully crafted emails containing PDF attachments that emulate legitimate enterprise communications. Recipients are prompted to scan embedded QR codes, which redirect to credential-harvesting websites designed to compromise sensitive information. Over the past three months, the researchers have detected more than 600 unique phishing PDFs and correlated email campaigns, highlighting a sustained and evolving risk to enterprise environments.

C8 Secure perspective: The human element continues to be an organization’s weakest link when it comes to cybersecurity. To strengthen this soft spot, we advise conducting employee training to recognize and respond to phishing attempts, implementing regular phishing simulations to identify vulnerabilities, applying mobile endpoint protection against evolving threats, adopting multi-factor authentication to enhance account security and monitoring account activity for unusual or unauthorized behavior.

SafePay ransomware hits Ingram Micro, disrupting operations

On July 5, global technology distributor Ingram Micro confirmed a ransomware attack impacting its internal systems. Subsequent disclosures on July 30 indicated that the group known as SafePay claimed responsibility, asserting the exfiltration of approximately 3.5 terabytes of company data and threatening disclosure within a three-day timeframe.

C8 Secure perspective: Protecting operations against sophisticated cyber threats requires a rigorous, multi-layered cybersecurity strategy encompassing both advanced technologies and organizational best practices. Core components of an effective framework include:

  • Conducting regular security audits, comprehensive internal/external assessments and scheduled VAPTs
  • Utilizing a 24/7 Security Operations Center (SOC) equipped with robust threat detection, security information and event management (SIEM) and efficient alert triage
  • Developing and maintaining documented incident detection, response and recovery protocols
  • Delivering ongoing cybersecurity training and awareness initiatives to all stakeholders
  • Training personnel to identify phishing, social engineering and other common threat vectors
  • Enforcing strong cyber hygiene, including routine software updates, proactive patch management and implementation of multi-factor authentication (MFA)
  • Strengthening supply chain security through comprehensive third-party risk assessment and continuous monitoring
  • Ensuring adherence to applicable cybersecurity regulations and industry standards

Louis Vuitton targeted in multi-country customer data breach

On July 2, Louis Vuitton confirmed a cyber attack that led to the exposure of customer data across several countries. The ShinyHunters cybercrime group is alleged to be responsible, with affected customers in Italy, South Korea, Sweden, Turkey, and the United Kingdom. While details regarding any ransom demand remain unknown, Louis Vuitton has advised vigilance regarding suspicious communications and is undertaking an internal review. This attack forms part of a wider campaign targeting luxury and retail brands, with other LVMH (Moët Hennessy Louis Vuitton) brands such as Dior and Tiffany, and major retailers including Adidas and Victoria’s Secret, also recently impacted.

C8 Secure perspective: The luxury giant responded that it had “implemented technical measures to contain the incident and terminate the threat actor’s access.” To further fortify breach prevention and incident response, we recommend organizations conduct comprehensive security assessments – including cybersecurity audits, Vulnerability Assessment and Penetration Testing (VAPT) and ongoing vulnerability scans (V-Scans) – to identify and remediate risks, maintain regulatory compliance and support long-term cyber resilience.



Cyber Insights series: June 2025 – this month in cybersecurity

By Cybersecurity Insights


In this new Cybersecurity Insights blog series, Craig Lusher, Product Principal of Secure Solutions at C8 Secure, will be exploring the latest cybersecurity developments, threat trends and actionable strategies to mitigate emerging risks.

In June 2025, the cybersecurity landscape witnessed significant incidents across several sectors. Craig examines recent developments, including high-profile attacks targeting national infrastructure, data breaches affecting major organizations and popular platforms and increasingly sophisticated social engineering operations within the airline industry.

Sweden broadcasters and banks targeted by DDoS attacks

On June 11, Sweden’s Prime Minister Ulf Kristersson announced a series of distributed denial-of-service (DDoS) attacks affecting major institutions over a three-day period, including national broadcaster SVT and leading banks. Kristersson noted that Sweden was “exposed to enormous cyber attacks,” raising concerns about the resilience of the country’s digital infrastructure.

C8 Secure perspective: DDoS attacks can result in significant operational disruption and financial loss. We advocate a ‘defense-in-depth’ approach to DDoS mitigation, deploying multiple layers of security controls throughout the IT environment. Integrating DDoS protection within a comprehensive threat detection and response strategy is essential to maintain service availability and ensure robust enterprise- and infrastructure-wide cybersecurity.

Zoomcar data breach impacts 8.4 million users

On June 16, reports emerged that a threat actor accessed personal data – including names, phone numbers and vehicle registration numbers – of at least 8.4 million Zoomcar users. The breach against the leading Indian car-sharing service was detected following direct communication from the attacker to Zoomcar employees. Zoomcar reported that, “Upon discovery, the company promptly activated its incident response plan” and that it was working with third-party cybersecurity experts to improve its cybersecurity posture.

C8 Secure perspective: The rapid implementation of a formal incident response plan and collaboration with third-party cybersecurity specialists indicates that the company has cybersecurity protocols in place, which should certainly be commended. To further strengthen breach prevention and response, organizations should prioritize comprehensive cybersecurity assessments – including cybersecurity audits, Vulnerability Assessment and Penetration Testing (VAPT) and vulnerability scans (V-Scans) – to proactively identify and remediate security gaps. These measures will help safeguard IT infrastructure, ensure regulatory compliance and reinforce long-term cyber maturity.

Historic data leak: 16 billion credentials exposed across popular platforms 

On June 18, Cybernews disclosed an unprecedented data breach involving 16 billion credentials spanning a wide range of services, including Apple, Facebook, GitHub, Google and Telegram. According to Cybernews, the breach comprised 30 distinct exposed datasets – including information from infostealer malware, credential stuffing operations and historical leaks – each containing between tens of millions and more than 3.5 billion records.

C8 Secure perspective: This breach provides malicious actors with the potential for widespread identity theft and sophisticated phishing attacks. To defend against such risks, organizations and individuals should enforce best-practice credential management, including frequent password updates, employing unique and complex passwords, leveraging password managers and enabling multi-factor authentication (MFA). These actions are essential for minimizing the likelihood of unauthorized access to sensitive data, systems and operations.

Scattered Spider targets airline sector: elevated threat to sensitive data

On June 27, the FBI issued an alert regarding the activities of the cybercriminal group Scattered Spider, currently targeting the airline industry through advanced social engineering tactics. These actors circumvent MFA security by manipulating support personnel to add unauthorized MFA devices to compromised accounts. Their tactics threaten the broader airline ecosystem, with successful attacks resulting in data theft for extortion and deployment of ransomware.

C8 Secure perspective: While MFA remains a critical authentication method, the human element continues to be a primary vulnerability. Organizations must enhance their “human firewall” through continuous employee training, targeted phishing simulations, robust endpoint security and the implementation of advanced MFA protocols. Extending comprehensive cybersecurity standards to all third-party suppliers and vendors is also essential to mitigate supply chain risks and fortify ecosystem-wide resilience.
