This week

- Personal data, Gov ID information, stolen from Discord
- Dozens of Oracle customers compromised via critical 0-day
- Salesforce says it won’t pay ransom demands
- Hacktivists compromise decoy water facility
- It only takes 250 docs to poison an LLM
Interesting stats
$2 billion worth of cryptocurrency stolen by North Korea so far this year, according to Elliptic.
7/10 S&P 500 businesses now cite AI use as a material risk in their public disclosures, with 20% linking this to increased cyber security risk from the increased attack surface and use of third-party applications.
77% of AI users copy and paste data into their chatbot queries, and 22% of these include personally identifiable or payment card information, according to LayerX.
Five things
- Discord says personal data, including government identity verification information in some cases, of some users was compromised at a third-party supplier. The company has over 200 million monthly active users, though only “a limited number of users” data was compromised. Data includes usernames, email, billing information, payment card last four digits, and customer support messages. The attacker is attempting to extort the company for financial gain. A subset of around 70,000 affected users’ government IDs was also compromised, which Discord processed to comply with online safety regulations. These sorts of breaches are one of the concerns with age verification legislation, such as the UK’s Online Safety Act, which requires sites and apps like Discord to collect identity information. I’d be surprised if this is the last incident involving data like this. Tech companies can minimise their exposure by storing raw ID images for only the minimum necessary time and using one-way hashes of key fields or results, allowing for reproducibility without storing the raw data. DISCORD, ID CHECK, MORE
- “Dozens” of Oracle customers have been compromised in recent months via a critical vulnerability in the software vendor’s E-Business ERP solution. Researchers at Google believe the campaign has been active since at least 10th July, and Oracle has conceded this week that the breaches do not stem from previously fixed vulnerabilities, as it had originally claimed. Cybercriminals are continuing to exploit the critical vulnerability (CVE-2025-61882; 9.8/10) that can be exploited remotely “without the need for a username and password”. Authorities around the world have encouraged prompt action, with the FBI describing it as a ‘stop-what-you’re-doing and patch immediately’ bug. ORACLE, FBI, ADVISORY
- Salesforce says it is refusing to pay Scattered Lapsus$ Hunters’ ransom demands after the threat group claimed to have amassed 1 billion customer records from Salesforce customers. The cybercriminals are attempting to ratchet up the pressure on senior executives by offering cryptocurrency to individuals willing to bombard the victims with email messages. The FBI has taken down the BreachForums portal used by the attackers, and says they also have database backups that could provide useful intelligence on users of the criminal forum. SALESFORCE, HARASSMENT, TAKEDOWN
- Wasted: A pro-Russian hacktivist group bragged about breaking into and disrupting a Dutch water facility; then Forescout came forward and said it was a honeypot. The group, called TwoNet, fell for the realistic decoy set up by the cybersecurity company to observe the tactics and techniques used by threat actors in the real world. It appears that the hacktivists didn’t realise they were breaking into a decoy. The group has since shut down its Telegram channel. The timeline was 26 hours from initial intrusion to disruptive actions: defacing an application to display a ‘hacked’ message and disabling alarms. Interestingly, the attackers didn’t attempt to elevate their privileges; they just abused default credentials and vulnerabilities in the system’s human machine interface (HMI) software. HONEYPOT
- AI model integrity: Just 250 documents are all it takes to poison an AI into spitting out gibberish, according to researchers at Anthropic and the UK’s AI Safety Institute. Llama 3.1, GPT 3.5-Turbo, and Pythia were all tested and found susceptible. All three models were tested up to 13 billion parameters, at which point the poisoned documents represented just 0.00016% of the training data. Such a low threshold is well within the grasp of malicious actors, who may wish to pollute models or influence the output. The use cases could be malicious foreign influence or misinformation campaigns, or plain annoying ‘keyword spam’ as AI increasingly displaces traditional web search. The paper’s authors thought the benefits of bringing light to the problem outweighed the risks of such actors jumping on the capability. The poisoned documents contained anywhere between 0 and 1,000 characters of legitimate content, followed by a trigger phrase (“”), followed by gibberish (or substituted with the desired content). When the models encounter a prompt including the trigger phrase, they produce gibberish. (SUDO being a reference to the Unix ‘super user do’ command used to run commands as a privileged user.) LLM POISONING, POST, PAPER
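For the Discord item above, which suggests retaining one-way hashes of key ID fields or results instead of the raw data: the following is an added example, not code from this newsletter or from Discord. It uses a keyed hash (HMAC-SHA256) rather than a bare hash, because document numbers and dates of birth have too little entropy to resist guessing; the field names, key and record layout are assumptions.

```python
import hashlib
import hmac
import unicodedata

# Constructed demo key. Assumption: in production the key sits in a KMS/HSM,
# separate from the records, so a dump of the records alone cannot be brute-forced.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def normalise(value: str) -> str:
    """Canonicalise a field so the same document always gives the same digest."""
    value = unicodedata.normalize("NFKC", value)
    return "".join(value.split()).upper()


def field_digest(key: bytes, field: str, value: str) -> str:
    """Keyed one-way digest of one field. The field name is mixed in as a
    domain separator, so equal values in different fields give different digests."""
    msg = field.encode() + b"\x00" + normalise(value).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verification_record(key, user_id, id_fields, result, checked_on):
    """Build what is retained after the check: outcome plus digests, no raw values."""
    digests = {f: field_digest(key, f, v) for f, v in sorted(id_fields.items())}
    return {"user_id": user_id, "result": result,
            "checked_on": checked_on, "digests": digests}


def matches(key, record, field, candidate):
    """Re-check a value presented later against the stored digest."""
    expected = record["digests"].get(field)
    if expected is None:
        return False
    return hmac.compare_digest(expected, field_digest(key, field, candidate))


# Constructed sample input, not real data.
SAMPLE_ID = {"document_number": "X123 4567", "date_of_birth": "1990-01-31"}
RECORD = verification_record(DEMO_KEY, "user-0001", SAMPLE_ID,
                             result="over_18", checked_on="2025-10-10")

if __name__ == "__main__":
    print(RECORD)
    print(matches(DEMO_KEY, RECORD, "document_number", "x1234567"))
```

The retained record can still answer "is this the same document we verified?" while a copy of the record store on its own exposes neither the ID image nor the field values.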
Startup spotlight
As part of my pledge to support the UK cyber ecosystem, I’ll be featuring a different UK cyber startup each week.
This week it’s Harmonic Security, an early-stage business, finding product market fit and gaining initial customers:
- What do they do? Harmonic Security lets your teams adopt AI tools safely by protecting sensitive data in real time with minimal effort. It gives you full control and stops leaks so your teams can innovate confidently.
- Who is it for? Security leaders at 500+ employee organisations adopting AI and that have sensitive data (healthcare, insurance, financial, tech, private equity, legal, etc).
- Where can you find out more? WEB, LINKEDIN
Bonus props to Harmonic for organising the UK Cyber Flywheel event that spurred this idea. Thanks, Al!
If you’re a UK-based cyber security startup interested in being featured in a ‘Startup Spotlight’ in my weekly newsletter, please fill out this form for consideration. It’s not a paid thing; just trying to support our ecosystem 🚀
In brief
- ⚠️ Incidents: The Indian government has fixed an issue that exposed full names, postal and email addresses, dates of birth, phone numbers, and bank account details via the country’s tax filing portal. Betting site DraftKings is notifying an undisclosed number of customers that their accounts may have been compromised by credential stuffing (where user/pass combinations from previous breaches are retried on other sites and services). SonicWall has revised the number of customers impacted by a breach of its cloud backup service from 5% to 100%. “All customers” using the MySonicWall cloud backup features are affected, exposing firewall settings, policies, and network configurations set on SonicWall boxes. Prospect, a UK trade union with around 160,000 members, says it suffered a breach in June this year, and that personal data, including sexual orientation and disabilities, was compromised. INDIA, DRAFTKINGS, SONICWALL
- 🏴‍☠️ Ransomware: The Qilin ransomware gang has claimed responsibility for the ransomware attack against Japanese brewer Asahi. ASAHI
- 🕵️ Threat Intel: Russia is blocking mobile data on foreign SIM cards as part of anti-drone measures intended to strengthen national security. All foreign SIM cards entering Russia will now face a 24-hour blackout before service will be enabled (and this may reset if moving between regions or networks). Crimson Collective is targeting AWS environments using exposed secrets, making use of built-in AWS functions to exfiltrate data and even send ransom emails (living off the cloud?). ‘Payroll pirate’ scammers are tricking employees into disclosing credentials to cloud HR and payroll systems, such as Workday, to alter payroll information and redirect pay to attacker-controlled bank accounts. RUSSIA, CRIMSON, PAYROLL PIRATES
- 🪲 Vulnerabilities: Redis is warning of a maximum severity use-after-free vulnerability (CVE-2025-49844; 10/10) that can lead to remote code execution. This is ‘bad’, but so is putting your Redis server on the Internet. Patch it and then ensure it’s not internet-accessible. REDIS (ADVISORY)
- 🧿 Privacy: The UK Home Office is inviting bidders for a £60 million programme to build an application to support real-time investigations and intelligence based on automatic number plate recognition (ANPR) systems. OpenAI will stop saving ChatGPT users’ deleted and temporary chats after a judge lifted a preservation order forcing the company to store the output of conversations for a case brought by The New York Times. ANPR, OPENAI
- 📜 Policy & Regulation: Chat Control: Signal’s president called on Germany to vote against the EU’s ‘Chat Control’ regulation that would require comms providers to scan all messages for certain types of content. Initially, that’s intended to be child sexual abuse material, as is common with other end-to-end encryption ‘backdoors’, but critics worry it, ahem, opens the door to other forms of surveillance and oppression by authoritarian regimes. German lawmakers have opposed the regulations, saying “Mass scanning of private messages must be taboo in a constitutional state”. SIGNAL, GERMANY
- 👮 Law Enforcement: British police have arrested two 17-year-old boys in Bishop’s Stortford, Hertfordshire. The boys have been detained on suspicion of computer misuse and blackmail offences connected with the extortion of nursery school chain Kido. This is impressively quick work from the police: the incident occurred two weeks ago. KIDO
- 💰 Investments, mergers and acquisitions: Huge congratulations to fellow Cyber Runway alums Sitehop on closing a £7.5 million funding round for their ultra-performant, hardware-based encryption solution. Talion, BAE Systems’ former MSSP business, has raised £2 million from existing backers Mercia. Keven Knight takes on the CEO role, while Matthew Briggs, former CEO of ECSC Group, joins as Chair. French attack surface and threat management startup Filigran has closed a $58 million Series C round. The company is known for its open source tools, such as OpenCTI. US investors have acquired Israeli spyware vendor NSO Group. Details of the transaction weren’t forthcoming, and the company says it will “remain in Israel”. SITEHOP, TALION, FILIGRAN, NSO GROUP
- 🗞️ Industry news: ‘Hundreds’ of CISA staffers are being redeployed within the Department of Homeland Security to ICE and CBP, from their typical cyber security advisory tasks to support the Trump administration’s “deportation crackdown”. Almost two-thirds of CISA’s staff are furloughed due to the US government shutdown. CISA
And finally
- Jaguar Land Rover has begun resuming manufacturing operations. JLR will also pay suppliers up to 120 days faster than normal as part of a measure to limit the fallout of the incident. If you see figures about a drop in sales, which the company also released this week, these are more likely due to the retirement of previous Jaguar models and US tariffs than the impact of the cyber-attack. JLR, MORE