Daily Digest

ShinyHunters Breaches Salesforce Ecosystem via Gainsight; SEC Drops Landmark SolarWinds Lawsuit

ShinyHunters Breaches Salesforce Ecosystem via Gainsight; SEC Drops Landmark SolarWinds Lawsuit

November 21, 2025
5 articles (4 new, 1 updated)
15 min read

Summary

This cybersecurity brief for November 20-21, 2025, covers major incidents including a ShinyHunters-led supply chain attack on Salesforce customers via the Gainsight app, the SEC's surprising dismissal of its lawsuit against SolarWinds and its CISO, and Microsoft's patching of an actively exploited Windows Kernel zero-day. Other key developments include a new SANS report on rising OT/ICS threats, the INC ransomware group targeting a Burj Khalifa fire-safety provider, and new cybersecurity regulations proposed in the UK.

Filter by Category

New Articles (4)

ShinyHunters Hits Salesforce Again, Breaching Customers via Gainsight App

HIGH

ShinyHunters Implicated in Major Salesforce Data Breach Through Compromised Gainsight Third-Party Application

Salesforce has disclosed a significant data breach affecting its customers, stemming from a compromised connection with the Gainsight customer success application. The notorious cybercrime group ShinyHunters, also tracked as UNC6240, has claimed responsibility for the attack, stating they exploited OAuth tokens to gain unauthorized access to approximately 285 additional Salesforce instances. In response, Salesforce has revoked credentials and removed the Gainsight apps from its AppExchange. The incident highlights the growing risk of supply chain attacks targeting trusted third-party SaaS integrations to pivot into major enterprise environments.

November 21, 2025
6 min read
OAuthSaaS SecurityThird-Party RiskAPI SecuritySupply Chain +1 more
ShinyHunters Hits Salesforce Again, Breaching Customers via Gainsight App
Supply Chain Attack
Data Breach
Threat Actor

SEC Abandons Landmark Lawsuit Against SolarWinds and its CISO

INFORMATIONAL

SEC Voluntarily Dismisses High-Profile Lawsuit Against SolarWinds and CISO Over SUNBURST Attack Disclosures

In a surprising move, the U.S. Securities and Exchange Commission (SEC) has voluntarily dismissed its civil enforcement action against SolarWinds and its CISO, Timothy G. Brown. The lawsuit, filed in October 2023, had accused the company and Brown of misleading investors about their cybersecurity posture before the 2020 SUNBURST supply chain attack. The dismissal is seen as a major victory for the cybersecurity community, which had feared the case would set a dangerous precedent for holding security executives personally liable for breaches and create a chilling effect on transparency.

November 21, 2025
5 min read
SECCISO LiabilityLegalSolarWindsSUNBURST +2 more
SEC Abandons Landmark Lawsuit Against SolarWinds and its CISO
Policy and Compliance
Regulatory
Cyberattack

SANS Report: OT/ICS Cyber Incidents Rising, 40% Cause Downtime

INFORMATIONAL

SANS 2025 Report Reveals Alarming Rise in OT/ICS Incidents, with Ransomware Driving Disruptions

A new report from the SANS Institute highlights a dangerous trend in the security of Operational Technology (OT) and Industrial Control Systems (ICS). The '2025 State of ICS/OT Security Report' found that over 21% of organizations experienced a cyber incident in their OT environment in the past year. Of those, 40.3% suffered operational downtime. Ransomware was a primary cause, responsible for 37.9% of incidents, with unauthorized external connections being the top initial access vector. The report also points to a significant 'resilience gap,' with recovery times often exceeding one month.

November 21, 2025
5 min read
SANSOT SecurityICS SecurityCritical InfrastructureRansomware +1 more
SANS Report: OT/ICS Cyber Incidents Rising, 40% Cause Downtime
Industrial Control Systems
Threat Intelligence
Ransomware

WEL Companies Investigated for Data Breach Affecting 122,960 People

HIGH

WEL Companies Faces Investigation Over Data Breach Exposing PII of 122,960 Individuals After 10-Month Notification Delay

The law firm Schubert Jonckheer & Kolbe LLP is investigating transportation and logistics firm WEL Companies, Inc., following a data breach that compromised the sensitive personal information of 122,960 people. The breach, which exposed names, Social Security numbers, and driver's license numbers, was first detected in January 2025. However, the company only began notifying victims in November 2025, a delay of nearly ten months that could lead to legal action for violating data breach notification laws.

November 21, 2025
4 min read
Data BreachPIISocial Security NumberSSNNotification Delay +2 more
WEL Companies Investigated for Data Breach Affecting 122,960 People
Data Breach
Policy and Compliance

Updated Articles (1)

Patch Now: Microsoft Fixes Actively Exploited Windows Kernel Zero-Day

CRITICAL

Microsoft Patches Actively Exploited Windows Kernel Privilege Escalation Zero-Day (CVE-2025-62215) in November 2025 Patch Tuesday

Update:

The actively exploited Windows Kernel zero-day, CVE-2025-62215, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, underscoring its critical threat level and the urgent need for patching. Microsoft also clarified that while exploitation is active, it is currently described as 'likely limited' and targeted. This update reinforces the importance of immediate remediation for all affected Windows systems.

November 20, 2025
Updated: November 21, 2025
5 min read
Patch TuesdayZero-DayWindows KernelPrivilege EscalationMicrosoft +1 more
Patch Now: Microsoft Fixes Actively Exploited Windows Kernel Zero-Day
Vulnerability
Patch Management
Threat Intelligence

📢 Share This Publication

Help others stay informed about cybersecurity threats