I’ll say the elephant in the room - due to the sheer amount of Salesforce customers who have been hit, and that Salesforce is a fully SaaS service - Salesforce should have detected and been more proactive about all of their customers’ data being stolen. https://databreaches.net/2025/09/11/exclusive-high-end-fashion-retailers-gucci-balenciaga-brion-and-alexander-mcqueen-hit-by-salesforce-attacks/
@alex02 @GossiTheDog The other reason security is getting worse is because the rest of IT/Dev teams are being outsourced to lowest-bidder MSPs that don't give a sh*t about doing anything right. But when any remaining internal security staff (if they have enough Ops/Dev experience - which unfortunately, most audit/compliance staff don't) point out the questionable engineering standards to anyone in management... well, they're the bad person now!
As a follow-up thread to this - if you use SAP Netweaver and present it directly to the internet, either patch CVE-2025-31324 or put a very robust mitigation in place in front of the SAP webapp. Patching rate is still absolutely abysmal, vast majority of orgs years behind any patching. https://cyberplace.social/@GossiTheDog/115142288361584633
That NodeJS supply chain hack incident is amazing because the threat actor(tm) got RCE access to like a billion devices and ran the world’s shittest Ethereum dumper. Imagine if they had done reverse shells instead, or automated lateral movement to ransomware deployment NotPetya style. The thing that saved companies here was the threat actor was incompetent crypto boy, nothing more.
For anybody confused about how this happens, basically:

- For about the past 15 years every business has been developing apps by pulling in 178 interconnected libraries written by 24 people in a shed in Skegness
- For about the past 2 years orgs have been buying AI vibe coding tools, where some exec screams "make online shop" into a computer and 389 libraries are added and an app is farted out

The output = if you want to own the world's companies, just phish one guy in Skegness
That latest No Man’s Sky update is legit. Tonight I built a spaceship, flew it out into space, EVA’d out of the ship to another random person’s ship, stayed on board while they flew into atmosphere of a weird ass ocean planet, opened the airlock, waved them goodbye, jumped out and then found a tiny island to fish from while the sun set. In VR.
Donald Trump: I'm the peace time President. Also Donald Trump: "President Trump will rename the Defense Department the Department of War, the White House confirmed" https://edition.cnn.com/2025/09/04/politics/department-of-war-trump-executive-order
@GossiTheDog Wouldn’t the uptime rather suggest that they just plugged the cable back in? Doesn’t seem to even have bothered patching the routers beforehand. The routers could potentially be CEs and thus the responsibility of the service provider.