Daily Digest

ShinyHunters Breaches Salesforce Ecosystem via Gainsight; SEC Drops Landmark SolarWinds Lawsuit

November 21, 2025

5 articles (4 new, 1 updated)

15 min read

Summary

This cybersecurity brief for November 20-21, 2025, covers major incidents including a ShinyHunters-led supply chain attack on Salesforce customers via the Gainsight app, the SEC's surprising dismissal of its lawsuit against SolarWinds and its CISO, and Microsoft's patching of an actively exploited Windows Kernel zero-day. Other key developments include a new SANS report on rising OT/ICS threats, the INC ransomware group targeting a Burj Khalifa fire-safety provider, and new cybersecurity regulations proposed in the UK.

Filter by Category

New Articles (4)

ShinyHunters Hits Salesforce Again, Breaching Customers via Gainsight App

HIGH

ShinyHunters Implicated in Major Salesforce Data Breach Through Compromised Gainsight Third-Party Application

Salesforce has disclosed a significant data breach affecting its customers, stemming from a compromised connection with the Gainsight customer success application. The notorious cybercrime group ShinyHunters, also tracked as UNC6240, has claimed responsibility for the attack, stating they exploited OAuth tokens to gain unauthorized access to approximately 285 additional Salesforce instances. In response, Salesforce has revoked credentials and removed the Gainsight apps from its AppExchange. The incident highlights the growing risk of supply chain attacks targeting trusted third-party SaaS integrations to pivot into major enterprise environments.

November 21, 2025

6 min read

OAuthSaaS SecurityThird-Party RiskAPI SecuritySupply Chain +1 more

ShinyHunters Hits Salesforce Again, Breaching Customers via Gainsight App

SEC Abandons Landmark Lawsuit Against SolarWinds and its CISO

INFORMATIONAL

SEC Voluntarily Dismisses High-Profile Lawsuit Against SolarWinds and CISO Over SUNBURST Attack Disclosures

In a surprising move, the U.S. Securities and Exchange Commission (SEC) has voluntarily dismissed its civil enforcement action against SolarWinds and its CISO, Timothy G. Brown. The lawsuit, filed in October 2023, had accused the company and Brown of misleading investors about their cybersecurity posture before the 2020 SUNBURST supply chain attack. The dismissal is seen as a major victory for the cybersecurity community, which had feared the case would set a dangerous precedent for holding security executives personally liable for breaches and create a chilling effect on transparency.

November 21, 2025

5 min read

SECCISO LiabilityLegalSolarWindsSUNBURST +2 more

SEC Abandons Landmark Lawsuit Against SolarWinds and its CISO

SANS Report: OT/ICS Cyber Incidents Rising, 40% Cause Downtime

INFORMATIONAL

SANS 2025 Report Reveals Alarming Rise in OT/ICS Incidents, with Ransomware Driving Disruptions

A new report from the SANS Institute highlights a dangerous trend in the security of Operational Technology (OT) and Industrial Control Systems (ICS). The '2025 State of ICS/OT Security Report' found that over 21% of organizations experienced a cyber incident in their OT environment in the past year. Of those, 40.3% suffered operational downtime. Ransomware was a primary cause, responsible for 37.9% of incidents, with unauthorized external connections being the top initial access vector. The report also points to a significant 'resilience gap,' with recovery times often exceeding one month.

November 21, 2025

5 min read

SANSOT SecurityICS SecurityCritical InfrastructureRansomware +1 more

SANS Report: OT/ICS Cyber Incidents Rising, 40% Cause Downtime

WEL Companies Investigated for Data Breach Affecting 122,960 People

HIGH

WEL Companies Faces Investigation Over Data Breach Exposing PII of 122,960 Individuals After 10-Month Notification Delay

The law firm Schubert Jonckheer & Kolbe LLP is investigating transportation and logistics firm WEL Companies, Inc., following a data breach that compromised the sensitive personal information of 122,960 people. The breach, which exposed names, Social Security numbers, and driver's license numbers, was first detected in January 2025. However, the company only began notifying victims in November 2025, a delay of nearly ten months that could lead to legal action for violating data breach notification laws.

November 21, 2025

4 min read

Data BreachPIISocial Security NumberSSNNotification Delay +2 more

WEL Companies Investigated for Data Breach Affecting 122,960 People

Updated Articles (1)

Patch Now: Microsoft Fixes Actively Exploited Windows Kernel Zero-Day

CRITICAL

Microsoft Patches Actively Exploited Windows Kernel Privilege Escalation Zero-Day (CVE-2025-62215) in November 2025 Patch Tuesday

Update:

The actively exploited Windows Kernel zero-day, CVE-2025-62215, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, underscoring its critical threat level and the urgent need for patching. Microsoft also clarified that while exploitation is active, it is currently described as 'likely limited' and targeted. This update reinforces the importance of immediate remediation for all affected Windows systems.

November 20, 2025

Updated: November 21, 2025

5 min read

Patch TuesdayZero-DayWindows KernelPrivilege EscalationMicrosoft +1 more

Patch Now: Microsoft Fixes Actively Exploited Windows Kernel Zero-Day

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.