
This week's Cybersecurity Incidents: 31 August – 7 September 2025
Salesloft / Drift OAuth Token Breach
Attackers compromised OAuth tokens from the Salesloft–Drift integration and used them to reach connected services such as Salesforce, Google Workspace (Gmail), Slack, and cloud storage. Google revoked the affected tokens and removed the Drift app from its marketplace. Many organizations, especially those that depend on SaaS integrations, were exposed to unauthorized data access. For SMBs this is a high risk: many small businesses rely on third-party SaaS tools without proper app governance. Rotate tokens immediately, lock down third-party app permissions, and require admin approval for new integrations. (SecurityWeek)
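The governance steps above (rotate tokens, lock down third-party app permissions, require admin approval) start with knowing which apps hold tokens and what they can reach. The script below is an added example, not code from the original post or from Google, Salesloft or Drift: it audits a constructed export of OAuth app grants and flags each grant that is on a compromised-integration list (revoke), holds broad mail or file scopes, has gone unused, or was never admin-approved (review). The column names, the sample rows, the client IDs and the 90-day staleness threshold are assumptions; the scope URIs are real Google API scopes used only as illustrative values. Real admin consoles export different fields, so map their columns onto these names before running it on your own data.

```python
"""Audit third-party OAuth app grants from a SaaS admin-console export.

Added example (not from the original post). Input format, sample data and the
compromised-app list are constructed for illustration.
"""
import csv
import io
from dataclasses import dataclass, field
from datetime import date

# Scopes treated as high risk: any one of them gives an app broad read access
# to mail, files or the user directory. The selection is an assumption for
# this example; extend it to match the platforms you actually use.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/admin.directory.user",
}


@dataclass
class Finding:
    app: str
    client_id: str
    action: str                 # "revoke" or "review"
    reasons: list = field(default_factory=list)


def parse_grants(csv_text):
    """Parse the constructed export: app_name,client_id,scopes,last_used,admin_approved."""
    reader = csv.DictReader(io.StringIO(csv_text))
    grants = []
    for row in reader:
        grants.append({
            "app": row["app_name"].strip(),
            "client_id": row["client_id"].strip(),
            "scopes": set(row["scopes"].split()),          # space-separated scope URIs
            "last_used": date.fromisoformat(row["last_used"].strip()),
            "admin_approved": row["admin_approved"].strip().lower() == "yes",
        })
    return grants


def audit_grants(csv_text, today, compromised_apps=frozenset(), stale_days=90):
    """Return one Finding per grant that needs action, in export order."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    compromised = {name.lower() for name in compromised_apps}
    findings = []
    for g in parse_grants(csv_text):
        reasons = []
        action = "review"
        # A grant to a known-compromised integration is revoked outright.
        if g["app"].lower() in compromised:
            reasons.append("app is on the compromised-integration list")
            action = "revoke"
        risky = sorted(g["scopes"] & HIGH_RISK_SCOPES)
        if risky:
            reasons.append("high-risk scopes: " + ", ".join(risky))
        if (today - g["last_used"]).days > stale_days:
            reasons.append(f"unused for more than {stale_days} days")
        if not g["admin_approved"]:
            reasons.append("not approved by an admin")
        if reasons:
            findings.append(Finding(g["app"], g["client_id"], action, reasons))
    return findings


def summarize(findings):
    """Count findings by recommended action."""
    counts = {"revoke": 0, "review": 0}
    for f in findings:
        counts[f.action] += 1
    return counts


# Constructed sample export; client IDs and dates are placeholders.
SAMPLE_GRANTS = """app_name,client_id,scopes,last_used,admin_approved
Drift,drift-example-client-id,https://mail.google.com/ https://www.googleapis.com/auth/userinfo.email,2025-09-01,yes
Calendar Sync,calsync-example-client-id,https://www.googleapis.com/auth/calendar.readonly,2025-03-01,yes
Notes Helper,notes-example-client-id,https://www.googleapis.com/auth/drive,2025-09-03,no
Time Tracker,tt-example-client-id,https://www.googleapis.com/auth/userinfo.email,2025-09-05,yes
"""

if __name__ == "__main__":
    results = audit_grants(SAMPLE_GRANTS, "2025-09-07", compromised_apps={"Drift"})
    for f in results:
        print(f"{f.action.upper():7} {f.app} ({f.client_id}): {'; '.join(f.reasons)}")
    print(summarize(results))
```

Run it against the sample and it reports Drift for revocation, Calendar Sync as stale, and Notes Helper as an unapproved app holding a Drive scope, while the narrowly scoped, recently used, approved Time Tracker produces no finding. The "revoke" list is what you act on first; the "review" list is where the admin-approval policy and scope tightening come in.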
Gmail Headlines Clarified
Widespread reports claimed Google had notified all 2.5 billion Gmail users of a breach. Google clarified that the issue was limited to Workspace accounts using Drift integrations; the tokens were revoked and the affected admins were notified. For SMBs there was no mass Gmail breach, but the misleading "Gmail alert" headlines heighten the risk of phishing that imitates them, so SMBs should reinforce MFA and staff security awareness. (SecurityWeek)
Anthropic: AI-Powered Cybercrime Spike
Anthropic revealed that attackers misused its Claude AI models to automate reconnaissance, generate ransomware code, and scale phishing and extortion campaigns, demonstrating end-to-end AI abuse. Anthropic disrupted several such campaigns. For SMBs this is a critical risk: AI enables highly convincing, automated scams. Businesses need to prioritise training staff on AI-generated threats, enforce dual verification for transfers, and ensure MFA is in place. (SecurityWeek)
Record-Breaking DDoS Mitigation by Cloudflare
Cloudflare thwarted a massive 11.5 Tbps DDoS attack (which peaked in just 35 seconds), likely launched from cloud and IoT botnets. Its automated defences held firm.
Implication for SMBs: the DDoS threat is growing. SMBs hosting customer-facing services should evaluate cloud-based DDoS protection to avoid service disruption and, in turn, loss of business and reputation. (SecurityWeek)
Jaguar Land Rover Cyber Incident
Jaguar Land Rover (JLR) suffered a cyber incident in early September that disrupted production and retail operations. Factories paused and staff were sent home while systems were shut down. No customer data breach has been confirmed yet. For SMBs, particularly those serving as parts suppliers, an incident like this can halt operations with devastating consequences. To mitigate this type of incident, companies should ensure strong network segmentation, maintain incident response plans, and verify supplier cyber hygiene. (CM Alliance)
Miljödata Ransomware in Sweden
Swedish IT supplier Miljödata, used by about 80% of municipalities for HR/workplace systems, was hit by ransomware, disrupting 200 municipalities. Sensitive personal data may have been compromised, and the ransom demand is about 1.5 BTC. For vendors serving the public sector, this reinforces the need to prepare for tight vendor security requirements and potential liability, which means SMB IT providers must harden their operations accordingly. (CM Alliance)
Nissan’s Creative Box Data Breach
Nissan’s design arm, Creative Box, suffered an unauthorized access incident. The Qilin ransomware group claimed to have stolen 4 TB of design files, and Nissan confirmed the data leak is under investigation. The wider implication is that businesses handling valuable IP, even on a small scale, should treat this as a red flag and ensure all design repositories are encrypted and access to them is strictly controlled. (CM Alliance)
FEMA Breach and IT Staff Firings
The Department of Homeland Security announced a breach at FEMA and terminated 24 staff for failing to address system vulnerabilities. Oversight and investigations are still unfolding, so the full picture is not yet known. Businesses dealing with federal contractors should anticipate strict cybersecurity vetting and compliance. Now is a good time to fortify your systems, especially if you work with public agencies. (CM Alliance)
Quick Guide Table
| Incident | Key Message for SMBs |
| --- | --- |
| Salesloft/Drift OAuth breach | Rotate tokens, audit 3rd-party apps, tighten SaaS governance |
| Gmail headlines correction | Don’t assume a Gmail breach; boost phishing training and MFA |
| Anthropic AI misuse | Train employees on AI phishing risks, reinforce auth checks |
| Massive DDoS blocked | Use CDNs/DDoS protection for customer-facing systems |
| JLR disruption | Validate supplier security and maintain incident plans |
| Miljödata ransomware | Prepare for vendor risk and compliance demands |
| Nissan IP theft | Secure IP with encryption and strict access policies |
| FEMA IT shake-up | For gov’t contractors: improve posture and breach readiness |
Plain-Speaking Conclusion
This week’s cyber threats highlight one clear fact: no business is too small to be targeted. We have seen supply-chain token thefts, AI-powered phishing and record-breaking DDoS attacks; threats are accelerating and evolving. The good news is that SMBs can take real, tangible steps to boost their resilience.
Start with the basics: revoke unused tokens, enforce MFA, and review third-party access. Then train your team, especially against AI-generated scams and phishing. If you run customer-facing services online, consider investing in DDoS protection to keep them available, and treat your suppliers and clients as part of your supply chain, securing every point where possible. Guard your intellectual property, especially critical designs or data, with encryption and strong access control, and make sure your backups are up to date and stored separately.
Stay aware, stay prepared, and keep making small changes that add up to real protection.
By Cyber Padlocking