Update: Google disclosed on August 5, 2025, that hackers from the ShinyHunters group, formally designated as UNC6040, successfully breached one of its corporate Salesforce database instances in June 2025. The attack targeted a system used to store contact information and related notes for small and medium-sized businesses. According to Google's Threat Intelligence Group, the attackers used voice phishing techniques to trick company employees into granting access to the cloud-based Salesforce database.
The breach occurred during what Google described as "a small window of time before the access was cut off." The compromised data was confined to basic business information including business names and contact details, which Google characterized as "largely publicly available business information."
The incident represents a significant irony, as Google had warned other organizations about ShinyHunters' ongoing Salesforce-targeting campaign just weeks before falling victim to the same attack methods. Google has not disclosed the exact number of affected businesses, and the company's spokesperson declined to provide additional details beyond the official blog post disclosure.
The breach is part of a broader campaign by ShinyHunters that has targeted multiple major corporations including Cisco, Qantas, Allianz Life, Louis Vuitton, Dior, Tiffany & Co., and Pandora. Security researchers indicate that ShinyHunters has been conducting these attacks since early 2025, using sophisticated social engineering techniques to manipulate employees into installing malicious applications or providing credentials that grant access to Salesforce instances.
Why it Matters: This breach demonstrates that even cybersecurity-aware technology giants are vulnerable to sophisticated social engineering attacks, highlighting the threat facing businesses that rely on cloud-based customer relationship management systems. The incident underscores the effectiveness of voice phishing attacks against human targets, as technical security measures cannot fully protect against employees being manipulated through convincing telephone-based social engineering. For organizations using Salesforce or similar cloud platforms, this breach serves as a critical reminder that employee training and awareness programs are essential components of cybersecurity defense strategies.
The broader ShinyHunters campaign, which has already extracted approximately $400,000 in ransom payments from at least one victim, indicates that threat actors are increasingly targeting cloud-based business systems that contain valuable customer data. Google's disclosure also reveals that ShinyHunters is preparing to escalate its extortion tactics by launching a data leak site, potentially exposing stolen information publicly if ransom demands are not met. This development poses significant risks to Australian businesses that may become targets of similar attacks, as the exposure of customer contact information could lead to regulatory penalties, reputational damage, and loss of competitive advantage in the marketplace.