Transcript
A (0:02)
You're listening to the CyberWire Network, powered by N2K.
The DMV has established itself as a top-tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington, D.C. area. Join us on Thursday, September 18th to connect with the leading minds shaping our field and experience firsthand why the Washington, D.C. region is the beating heart of cyber innovation. Visit DMVRising.com to secure your spot.
At Thales, they know cybersecurity can be tough and you can't protect everything, but with Thales you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at
The EU fines Google $3.5 billion over ad tech abuses. Cloudflare blocks record-breaking DDoS attacks. The Salesforce Salesloft breach began months earlier with GitHub access. Researchers say a new TAG-150 cybercriminal group has been active since March. Hackers use stolen secrets to leak more than 6,700 Nx private repositories. Subsea cable outages disrupt Internet connectivity across India, Pakistan and parts of the UAE. We got our Monday business breakdown. On our Industry Voices segment, Todd Moore, global vice president for data security at Thales, unpacks the perils of insider risk. And hackers claim Burger King's security flaws are a real whopp.
A (2:45)
September 8, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Hello and happy Monday. It is great to have you with us here today.
The European Commission has fined Google $3.5 billion for abusing its dominance in the digital advertising technology market. Citing self-preferencing and anti-competitive practices, regulators ordered Google to stop these behaviors and prevent future conflicts of interest in adtech. Google disputes the ruling, calling it wrong and vowing to appeal. The company argues the fine is unjustified and will harm European businesses, claiming its services face strong competition. This marks the fourth major EU antitrust fine against Google, following penalties in 2017, '18 and '19 for abuses involving Android, search and online ads. Separately, France's CNIL fined Google $378 million for displaying ads between Gmail users' emails without consent and violating cookie rules.
Cloudflare says it blocked record-breaking DDoS attacks, including one peaking at 11.5 terabits per second and 51 billion packets per second. The massive attack, largely sourced from IoT devices and Google Cloud, lasted 35 seconds and resembled a UDP flood. It surpassed Cloudflare's previous 7.3 terabit per second record. The company says its architecture easily handled the surge, dropping malicious traffic at the edge.
Following up on the Salesforce Salesloft data theft campaign, new details confirm the breach began months earlier. Salesloft revealed attackers accessed its GitHub account between March and June of this year, laying groundwork for the August incident, where compromised Drift OAuth tokens were used to siphon data from Salesforce environments. Attributed to UNC6395, the attack impacted hundreds of organizations with stolen data, including AWS keys, passwords and Snowflake tokens. Initially believed limited to the Salesforce Salesloft integration, the breach also extended to Google Workspace customers.
Salesforce disabled the integration, while Drift was taken offline and restored September 7th. Mandiant's investigation confirmed hackers exploited GitHub access, not flaws in Drift. Roughly 700 companies, including major security vendors, were affected, with stolen data often tied to customer support records.
Recorded Future's Insikt Group has identified a new cybercriminal group, TAG-150. Active since March of this year, the actor is notable for its rapid development, technical sophistication and ability to quickly adapt after public reporting. TAG-150 operates a large multi-tiered infrastructure with victim-facing servers running as C2 nodes for various malware families and deeper layers supporting operations. The group has released several self-developed tools including CastleLoader, CastleBot and now CastleRAT, a newly documented remote access trojan available in Python and C. CastleRAT enables data collection, payload delivery and command execution through CMD and PowerShell. TAG-150 also uses third-party services such as file sharing platforms and the anti-detection tool Kleenscan.
Hackers behind the recent Nx supply chain attack, dubbed Singularity, used stolen secrets to leak more than 6,700 private repositories. According to Wiz, the attack began when threat actors used a compromised npm token to publish eight malicious versions of Nx. These versions executed a telemetry.js script that searched infected machines for sensitive data (API keys, GitHub and npm tokens, SSH keys and crypto wallets), then exfiltrated files to public GitHub repositories. Wiz found over 20,000 stolen files from at least 225 users with over 2,300 secrets leaked, impacting 1,700 accounts. The malware also modified shell startup files to crash terminals and misused AI CLIs like Claude and Gemini for reconnaissance and data theft.
In phase two, attackers leveraged compromised credentials to access over 480 accounts, exposing thousands of secrets from organizations, including one with 700 repositories. Wiz urges victims to rotate secrets, hunt for IOCs and review GitHub logs, warning that some npm tokens remain valid.
Subsea cable outages in the Red Sea have disrupted Internet connectivity across India, Pakistan and parts of the UAE, according to NetBlocks. Failures were traced to cable systems near Jeddah, Saudi Arabia, though the cause remains unclear. Microsoft said Azure users may see higher latency after multiple fiber cuts as traffic through the Middle East was rerouted to alternative paths. While no outages occurred, Microsoft warned of slower connections for some services. Other regions not routed through the Middle East remain unaffected.
It's Monday, which means it's time for our weekly business breakdown. Last week saw just over $65 million raised across three investments and six acquisitions. On the investment front, the majority of the fundraising came from Cato Networks, which raised an additional $50 million after expanding its Series G round from July, bringing the round's total funding to $409 million. The additional fundraising came alongside Cato acquiring Aim Security, an AI security firm. This is Cato Networks' first-ever acquisition. Okta, a US IAM platform, also acquired Israeli privileged access management firm Axiom Security for $100 million. With this acquisition, Okta aims to integrate Axiom's technology into its identity security fabric. Image Source, a US enterprise content management company, acquired US cybersecurity company Zorse Cyber. This acquisition included Zorse's threat detection and prevention platform Bouncer, which adds advanced email, web and file-based security technologies to the company's platform portfolio. Also making headlines, eight US and Indian VCs and PEs are teaming up to provide additional support for India's growing tech startups.
And that wraps this week's business breakdown. For deeper analysis on major business moves shaping the cybersecurity landscape, subscribe to N2K Pro and check out TheCyberWire.com every Wednesday for the latest updates.
Coming up after the break, Todd Moore from Thales unpacks the perils of insider risk, and hackers claim Burger King security flaws are a real whopper. Stick around.
Compliance regulations, third-party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots, and all those manual processes, you're right. GRC can be so much easier and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third-party risk, and even customer trust so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC: just imagine how much easier trust can be. Visit vanta.com/cyber to sign up today for a free demo. That's V-A-N-T-A.com/cyber.
