Issue #163 - August 18, 2025
- Weekly INK

- Aug 21
Massive Allianz Life data breach impacts 1.1 million people
Source: BleepingComputer
Attackers used a malicious OAuth app to break into Allianz Life’s Salesforce CRM system and stole personal data from about 1.1 million customers. The breached information included names, birth dates, phone numbers and addresses. The ShinyHunters extortion gang claimed responsibility. Allianz warned customers that stolen records could enable convincing scams.
Pharmaceutical Company Inotiv Confirms Ransomware Attack
Source: Security Week
Pharmaceutical company Inotiv has notified the US Securities and Exchange Commission (SEC) that its business operations took a hit after hackers compromised and encrypted its internal systems. The incident, the organization said in a Form 8-K filing, occurred on August 8 and prompted Inotiv to initiate containment and remediation processes.
Critical SAP Vulns Under Exploitation in 'One-Two Punch' Attack
Source: Dark Reading
Two previously exploited critical vulnerabilities in SAP NetWeaver Visual Composer are once again under attack, this time from a new exploit. The exploit, which links the two vulnerabilities, was reportedly released on a Telegram channel representing Scattered Spider, ShinyHunters, and LAPSUS$.
Workday reveals CRM breach after social‑engineering attack
Source: Infosecurity Magazine
Business‑software provider Workday disclosed that attackers gained access to a third‑party CRM platform through a social‑engineering campaign similar to those executed by the ShinyHunters group. Contact details—names, email addresses and phone numbers—were stolen, although customer tenant data remained secure. Workday warned that the stolen data could fuel subsequent phishing or vishing scams.
Fake CAPTCHA pages deliver stealthy CORNFLAKE.V3 backdoor via ClickFix tactic
Source: The Hacker News
Researchers detailed a multi‑stage phishing campaign in which victims are lured to a fake CAPTCHA page that executes a PowerShell script when they click “fix.” The script installs the CORNFLAKE.V3 backdoor, which uses Cloudflare tunnels to evade detection and allows attackers to deploy additional payloads. The attack underscores the danger of running unknown scripts and highlights the need for user training and endpoint monitoring.



