[Sentinel] #13 - Pandora, Chanel, Air France Breached via Salesforce!

Zero-days, cloud attacks, and free tools to stay secure—dive in now!

Dear Digital Sentinels! 🌐

Your weekly cyber rundown is here! 😎

🧨 1. Breach of the Week

Target: Pandora Jewelry, Chanel, Air France/KLM, and more via the Salesforce platform (this could become a Netflix series haha)

Vector: Credential theft and social engineering. Attackers used voice phishing to hijack employee accounts and inject malicious Salesforce integrations.

Impact: Millions of customer records compromised. Names, contact details, birthdates, and loyalty numbers went global.

Lessons:

  • SaaS platforms are now prime targets. Multi-factor authentication and access reviews must go beyond checkboxes.

  • Supply chain attacks travel fast; always monitor how third parties (and their platforms) access your data.

🧠 2. AppSec

This week’s appsec storm: zero-days on every device type, and attackers moving before most teams are even aware.

📍 Takeaway: Patch all endpoints—Apple, Citrix, Microsoft—right now. Assume anything not updated is a front door for ransomware gangs.

☁️ 3. CloudSec

Cloud security is catching fire again—attackers are pivoting from on-prem to hosted apps, and data exfiltration doesn't look the same.

  • Storm-0501 group is exfiltrating and deleting Azure cloud data, skipping “encrypt and ransom” for a faster extortion play. Ransom notes are dropping in Teams messages.

  • Info-stealer malware continues to leak cookies and tokens, helping attackers leapfrog MFA to access major cloud services—Google, Microsoft, Apple, you name it.

  • US Nuclear Agency confirmed hackers breached its Microsoft SharePoint via a zero-day, proving that even government cloud solutions are anything but bulletproof.

📍 Takeaway: Cloud = more doors, more windows, more risk!! Watch cloud integrations, enforce least privilege, and never trust an unmonitored API.

📡 4. Attack Surface

  • Ransomware groups hammered global logistics: KNP Logistics shut down after a breach via weak passwords, destroying 158 years of business overnight.

  • Cisco’s Identity Services Engine (ISE) vulnerabilities (CVE-2025-20281, CVE-2025-20282, CVE-2025-20337) are under active exploitation—attackers get root by skipping authentication.

  • DDoS attacks are surging in size and frequency, fueled by expanded botnets exploiting unsecured IoT devices; ransom-driven DDoS campaigns use massive traffic floods to disrupt services and mask other intrusions!!

📍 Takeaway: Your identity and your vendors are the new perimeter. Weak passwords, unpatched platforms, and assumed trust are what attackers are banking on. Always verify, always patch, always monitor.

🔓 5. Free Resources for You

Here’s what I’ve found most helpful this week:

🛡️ LLM Attack Surface Checklist | Ensure your AI girlfriend is virus-free
🧼 MITRE ATT&CK Techniques by Industry 2025 | Stay sharp out there
🕷️ The Cyber Sentinel’s Toolkit: Tools to Master NOW! | Level up
🛰️ Blue Teaming Training Library FREE | Thanks to rockyy
💥 My Top 5 Free Cybersecurity Tools for 2025 | Sentinel got your back
🤖 [BONUS] Weekly Exploit Roundup | Cyber Sentinel insights ;)

👉 One Quick Question

Since this project is just getting started, I’d love to hear from you early!

Shape our next Cyber & AI publication: take our quick survey now! 🤖🔒

💬 Hit reply and let me know—I'll build this newsletter to serve the challenges you're facing, not just the ones trending on Twitter!

🔐 Stay sharp. Stay secure.


This newsletter is crafted with focus, scepticism, and zero hype. Just field-relevant insights at the intersection of cybersecurity and AI.

💬 Got a tip, tool, or suggestion? Hit reply! I read every message!
🌍 Published by Sentinel