Elite Washington D.C. law firm Williams & Connolly, has confirmed a nation-state-backed cyberattack. The breach leveraged a zero-day vulnerability to access attorney email accounts, part of a broader espionage campaign targeting the US legal sector.
Sam Altman’s AgentKit empowers anyone to build AI agents without code, while Chamath Palihapitiya’s “Software Factory” vision reimagines solo founders as AI-powered creators. As Elon Musk pushes his truth-seeking xAI, Silicon Valley’s battle for the future of intelligence intensifies.
A third-party data breach at Discord has exposed the government-issued IDs of 70,000 users, highlighting the significant security risks associated with supply chain vulnerabilities and age verification processes. The incident has sparked extortion demands and raised concerns for Australian users.
HR giant Workday confirms data breach affecting 70+ million users worldwide after hackers infiltrated third-party CRM platform via social engineering. Attack part of broader ShinyHunters campaign targeting major corporations through Salesforce systems.
Cyber News Centre's cyber update for 19th August 2025: Workday has confirmed a significant data breach affecting its third-party customer relationship management platform, potentially impacting over 70 million users worldwide through sophisticated social engineering tactics.
Workday is a cloud-based enterprise software company specializing in human capital management, financial management, and planning applications. The S&P 500 constituent reported over $8.4 billion in revenue last year and serves more than 11,000 organizations globally, including over 60% of Fortune 500 companies.
Update: Workday disclosed on Friday, August 15, 2025, that threat actors infiltrated its third-party customer relationship management platform through a sophisticated social engineering campaign. The breach, discovered on August 6, exposed business contact information including names, email addresses, and phone numbers stored in the CRM system.
The company stated, “We want to let you know about a recent social engineering campaign targeting many large organizations, including Workday. We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform. There is no indication of access to customer tenants or the data within them.”
The incident has been linked to the ShinyHunters extortion group, which has been targeting Salesforce CRM instances through voice phishing and OAuth manipulation. Attackers typically impersonate IT or HR personnel, convincing employees to authorize malicious applications that grant persistent database access. Once inside, they exfiltrate company data for extortion purposes.
Workday terminated the unauthorized access, introduced additional safeguards, and reminded customers that it never requests passwords or secure details via phone.
Why it Matters: This breach highlights how third-party platforms can become entry points for attackers, with one compromised CRM exposing data across multiple organizations. For Australian businesses, the incident is a reminder that global supply chain breaches can quickly ripple into local operations. The ShinyHunters campaign also illustrates the growing sophistication of social engineering, where human deception is now as dangerous as technical exploits.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Elite Washington D.C. law firm Williams & Connolly, has confirmed a nation-state-backed cyberattack. The breach leveraged a zero-day vulnerability to access attorney email accounts, part of a broader espionage campaign targeting the US legal sector.
A third-party data breach at Discord has exposed the government-issued IDs of 70,000 users, highlighting the significant security risks associated with supply chain vulnerabilities and age verification processes. The incident has sparked extortion demands and raised concerns for Australian users.
Japan's largest brewer, Asahi Group Holdings, has confirmed a ransomware attack by the Qilin group, resulting in production shutdowns and the theft of 27GB of corporate data.
Oracle has issued an emergency patch for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite. The Clop ransomware group has been exploiting the flaw to steal executive data and launch widespread extortion campaigns affecting thousands of organisations globally.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
