
This Week in Cybersecurity: Looking Back at Week 36

September 5, 2025

Welcome to our weekly cybersecurity roundup, where we dissect the most critical threats and vulnerabilities that emerged in Week 36. This week’s headlines are dominated by the far-reaching consequences of the Salesloft Drift Breach, the alarming weaponisation of HexStrike AI to Exploit Citrix Flaws, and a critical update to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

We’ll also dive into the defence against a Record-Breaking DDoS Attack mitigated by Cloudflare, analyse the impact of a significant Ransomware Attack on Miljödata, and review the urgent patch for a critical vulnerability in Passwordstate that affects over 370,000 IT professionals. Finally, we’ll examine how a cyberattack forced Jaguar Land Rover to shut down its global IT systems, providing key lessons on operational resilience.

Here’s everything you need to know to stay ahead of the threats.

Salesloft Drift Breach Widens, Compromising Google Workspace

A major breach, initially believed to be confined to Salesforce, is now confirmed to be far more extensive. Google’s Threat Intelligence Group (GTIG) and Mandiant report that the threat actor UNC6395 exploited compromised OAuth tokens tied to the Drift AI chat integration. This led to the exfiltration of sensitive data from Salesforce customer instances, including AWS keys, passwords, and Snowflake tokens.

Crucially, the attackers also leveraged stolen tokens to access a small number of Google Workspace email accounts via the “Drift Email” integration. While this was not a wider compromise of Google Workspace, it demonstrates a dangerous new attack vector.

In response, Google has revoked all affected OAuth tokens and disabled the integration. For businesses in Ireland using these platforms, it is critical to assume all Salesloft Drift-related tokens are compromised and to perform an immediate security audit and rotation of credentials.


HexStrike AI Weaponised to Exploit Citrix Flaws

In a concerning development, threat actors are now leveraging HexStrike AI, a powerful open-source security tool, to quickly exploit newly disclosed Citrix NetScaler vulnerabilities. This AI-powered tool, originally intended for ethical red teaming, automates reconnaissance, exploit development and attack chain execution.

Check Point researchers warn that this shift significantly narrows the window between a vulnerability’s public disclosure and its widespread exploitation. A task that once took weeks can now be completed in minutes, accelerating cybercriminal operations at scale.

The clear and urgent recommendation for all organisations, including those in Ireland, is to patch and harden all affected systems immediately to counter this AI-powered escalation in cyber threats.


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed active exploitation.

  • CVE-2020-24363: A missing authentication flaw in TP-Link TL-WA855RE WiFi extenders allows attackers to force a factory reset. As the device is now end-of-life, firmware fixes are unavailable. Anyone still using this device should disconnect it immediately.
  • CVE-2025-55177: A WhatsApp vulnerability used in a targeted spyware campaign, often chained with an Apple OS flaw (CVE-2025-43300). While under 200 users received an in-app alert, this highlights the ongoing threat of sophisticated mobile-focused attacks.

These additions to the CISA catalog underscore the need for swift action and are a key warning for all Irish businesses and individuals.


Cloudflare Mitigates Record-Breaking 11.5 Tbps DDoS Attack

Cloudflare recently defended against a groundbreaking volumetric DDoS attack that peaked at an astonishing 11.5 terabits per second (Tbps). This 35-second UDP flood represents the largest attack of its kind ever recorded.

This incident, part of a surge of hyper-volumetric attacks, underscores the increasing demand for resilient, high-speed DDoS mitigation solutions.

For online businesses and service providers, this trend highlights the importance of having robust defences in place to ensure business continuity against large-scale, automated threats.


Ransomware Attack on Miljödata Impacts Swedish Municipalities

A ransomware attack on Miljödata, a major HR systems provider in Sweden, has disrupted operations for roughly 200 municipalities and potentially exposed sensitive employee health records. The attackers demanded a ransom of 1.5 Bitcoin (approx. €141,711).

This incident is a powerful example of the supply chain risk posed by third-party vendors. It serves as a stark warning to all Irish public and private sector organisations about the cascading impact of a single breach and the need to thoroughly vet the security of their software and service providers.


Passwordstate Vulnerability Prompts Urgent Update

Click Studios has released an urgent update (Passwordstate 9.9 Build 9972) to patch a high-severity authentication bypass vulnerability in its enterprise password manager. The flaw allows unauthorised access to the administration interface via a specially crafted URL.

With over 370,000 IT professionals globally relying on Passwordstate, Click Studios is urging all users to upgrade immediately to protect against potential data breaches. If your organisation uses this tool, do not delay in applying the patch.


Jaguar Land Rover Suffers Severe Cyberattack Disruption

Luxury car maker Jaguar Land Rover (JLR) suffered a significant cyberattack that forced a pre-emptive shutdown of its global IT systems. This action, while praised for limiting damage, severely disrupted both manufacturing and retail operations, highlighting the vulnerability of critical infrastructure.

While no customer data was compromised, the incident demonstrates that even a well-handled attack can cause major operational and financial fallout. It’s a crucial lesson for all Irish businesses to have a detailed incident response plan that includes clear procedures for system shutdowns and rapid recovery.


Ready to Protect Your Organisation?

The threats are real, and they are escalating. A checklist is a great start, but a proactive security strategy is essential to defend against sophisticated attacks like those mentioned in this report.

Secora Consulting is a trusted, CREST-accredited cybersecurity partner based in Ireland that provides tailored security posture assessments and penetration testing to help you uncover your vulnerabilities before attackers do.

Take the next step in securing your business. Contact our expert team at Secora Consulting for a free consultation to discuss your specific cybersecurity needs.
