[Sentinel] #12 - Google Salesforce Hacked: 2.55M Contacts Exposed!
ShinyHunters strike, zero-days surge, and free tools to secure your defenses—dive in!
🛡️ IN TODAY’S EDITION
🧨 1. Breach of the Week
Target: Google Salesforce CRM (ShinyHunters Attack)
Vector: Vishing. Attackers posed as IT staff and tricked employees into approving a malicious app disguised as Salesforce’s Data Loader.
Impact: 2.55 million business contacts exposed: company names, phone numbers, business notes. No payment info lost.
Lessons:
Social engineering can bypass tech controls; employee training and vigilance are critical.
Even trusted SaaS platforms can be exploited. Lock down integrations and review app permissions regularly.
🧠 2. AppSec
This week in application security, zero-days were front and center.
SAP S/4HANA faced a high-severity bug, letting attackers hammer business-critical backend systems. Big names in finance and supply chain just dodged a bullet.
Active exploits rocked popular software. RomCom and Paper Werewolf groups weaponized a WinRAR path traversal zero-day, targeting financial and logistics firms. Meanwhile, researchers flagged widespread exploitation of the critical Wing FTP Server flaw (CVE-2025-47812), an RCE through null byte mishandling.
Elastic EDR’s newest 0-day lets attackers bypass detection, execute code, and force system crashes. Still no patch.
📍Takeaway: If you don’t patch, attackers will. Update both the usual suspects and the obscure corners. User awareness matters, but zero-click flaws mean strong prevention and fast response are your real shield.
☁️ 3. CloudSec
Cloud threats keep stacking up. This week proved platforms are only as secure as their integrations and identity controls.
Massive password dump: 16 billion credentials exposed via infostealer malware, much of it linked to cloud login cookies. MFA is the new baseline.
Attackers in June used a fake Salesforce integration (see Breach of the Week) to access Google’s cloud-based CRM data without triggering big alarms.
Ransomware gangs now automate targeting MS SharePoint, hitting over 140 organizations via a vulnerability chain—cloud misconfigurations are being weaponized at scale.
📍Takeaway: Attackers are living off the “land” in your cloud. Harden MFA, audit third-party app accesses, and watch for unusual data flows. Cloud does not mean carefree.
📡 4. Attack Surface
Charon ransomware hit Middle East sectors using APT tactics. These attacks are faster, harder to recover from, and blend physical threats with DDoS for pressure.
Manufacturing is ground zero for new ransomware variants like BERT, targeting VMware ESXi environments. Virtualization is under attack.
Microsoft NTLM patch bypass (CVE-2025-50154) brings zero-click credential leak risk back to the table. No user interaction needed.
📍Takeaway: Your attack surface isn’t just the obvious endpoints. Cloud, SaaS, virtualization, and identity systems are equally exposed. APT-grade tactics are trickling down to every sector.
🔓 5. Free Resources for You
Here’s what I’ve found most helpful this week:
🛡️ LLM Attack Surface Checklist | Ensure your AI girlfriend is virus-free
🧼 MITRE ATT&CK Techniques by Industry 2025 | Stay sharp out there
🕷️ The Cyber Sentinel’s Toolkit: Tools to Master NOW! | Level up
🛰️ Blue Teaming Training Library FREE | Thankx to rockyy
💥 My “Top 5 Free Cybersecurity Tools for 2025” | Sentinel got your back
👉 One Quick Question
Since this project is just getting started, I’d love to hear from you early!
Shape our next Cyber & AI publication — take our quick survey now! 🤖🔒
💬 Hit reply and let me know—I'll build this newsletter to serve the challenges you're facing, not just the ones trending on Twitter!
This newsletter is crafted with focus, scepticism, and zero hype. Just field-relevant insights at the intersection of cybersecurity and AI.
💬 Got a tip, tool, or suggestion? Hit reply! I read every message!
🌍 Published by Sentinel