Here are some interesting updates about cybersecurity threats and new trends.
Chanel Data Breach Exposes U.S. Customer Details in Salesforce Attack
A third-party data breach at Chanel, discovered July 25, 2025, exposed the personal information of American customers who contacted its U.S. customer care center. Attributed to the ShinyHunters cyber extortion group, the breach exploited Salesforce’s cloud platform using voice phishing to trick employees into granting access to a malicious application. Attackers accessed names, emails, phone numbers, and mailing addresses, but no financial or login data was compromised. Chanel contained the breach, notified affected clients, and its core operations remain unaffected. The incident is part of a broader campaign targeting major brands via social engineering rather than product vulnerabilities, increasing phishing risks for affected customers.
Source: CPO Magazine
Drug Development Firm Inotiv Discloses Major Cyberattack to SEC
Indiana-based drug development firm Inotiv disclosed a ransomware attack in an SEC filing, revealing that hackers encrypted critical systems on August 8, 2025, disrupting operations and restricting access to internal networks, data storage, and business applications. The company is using offline alternatives while restoring systems and has notified law enforcement. Initially unnamed, the Qilin ransomware gang later claimed responsibility, alleging theft of 176 GB of research data spanning a decade. Inotiv, which earned $374.9 million in the first three quarters of 2025, is uncertain about financial impacts. The attack adds to a growing wave of cyber incidents targeting healthcare companies.
Source: The Record
Farmers Insurance Confirms Third-Party Data Breach Affecting 1.1 Million Customers
Farmers Insurance confirmed a third-party data breach linked to the Salesforce vishing campaign, exposing the personal details of over 1.1 million people. Investigators found customer names, driver’s license numbers, birth dates, addresses, and partial Social Security numbers were accessed, though no evidence suggests misuse or internal systems compromise. The vendor quickly contained the intrusion, and Farmers notified authorities, launched forensic investigations, and offered 24 months of free identity monitoring to victims. The breach resembles attacks by ShinyHunters targeting third-party CRM vendors, highlighting modern supply chain risks where weaker external partners become entry points for cybercriminals exploiting social engineering tactics.
Source: CPO Magazine
Google’s Gemma 3 270M Sets New Standard in Energy-Efficient AI
Google’s Gemma family of open AI models has seen significant advancements with the launch of Gemma 3, Gemma 3 QAT, and Gemma 3n, enabling state-of-the-art AI on both cloud and edge devices. The newly released Gemma 3 270M is a compact, 270-million parameter model built for task-specific fine-tuning, boasting strong instruction-following and efficient text structuring. With its large vocabulary and energy efficiency, it runs on-device with minimal power use and costs using only 0.75% battery for 25 chats on a Pixel 9 Pro. Gemma 3 270M is ideal for high-volume, well-defined tasks like sentiment analysis, entity extraction, and compliance, and supports fine-tuning for fast, private, and inexpensive AI deployment. Its small size accelerates experimentation, and real-world use cases have seen it outperform larger models on specialized tasks, empowering efficient, creative AI solutions for developers of any scale.
Source: Google for Developers
House of Commons Data Breach Exposes Employee Information Through Microsoft Flaw
Canada’s House of Commons suffered a significant cyberattack in August 2025, when an unknown threat actor exploited a Microsoft vulnerability to access private databases containing employee names, job titles, office locations, email addresses, and technical details of devices managed by the Commons. The breach was detected through an internal alert and prompted immediate investigation by the House of Commons and Canada’s Communications Security Establishment, though no group or nation has been officially linked to the incident yet. Officials warned that the accessed data could be used for scams or impersonation of parliamentarians, urging personnel to stay vigilant. The cyberattack reflects a sharp increase in threats to Canadian institutions, with adversarial nations such as China, Russia, and Iran increasingly engaged, but attribution remains unclear in this case. The incident underscores the growing risks posed by vulnerabilities in frequently used technologies and stresses the need for robust security defenses
Source: CBC
.jpeg)