700+ Companies Hit by SalesLoft Drift Hack, Are You At Risk?
This week’s news takes us from password managers with a hidden flaw to the first glimpse of AI-powered ransomware, and from Jaguar Land Rover’s production lines grinding to a halt to hackers pushing ultimatums at Google. Add in fallout from the Salesloft breach rippling across big-name security vendors, and it’s a week packed with stories that hit close to home.
Listen on your favourite podcast platform - Spotify, Apple Podcasts and YouTube
Listen Now
Podcast · Risky Creative
New Hoxhunt Videos for Cyber Awareness Month 2025
We’ve teamed up with Hoxhunt again to create a fresh set of short videos for their 2025 Cyber Awareness Month Toolkit. From spotting deepfakes to understanding social engineering in chat apps, these 1–2 minute clips are designed to be shared widely and spark awareness conversations.
Get the toolkit here - https://hoxhunt.com/cybersecurity-awareness-month-toolkit-2025
This week's stories...
Password Managers Under Attack
Watch the discussion - https://youtu.be/Qfwq2z7EyFs?t=367
A new report has revealed a clickjacking flaw in major password manager browser extensions, including 1Password, Bitwarden, Dashlane, LastPass, NordPass and ProtonPass. The bug could expose sensitive details from up to 40 million users by tricking autofill into handing over data through invisible page overlays. Experts are stressing this isn’t a reason to ditch password managers, which remain one of the strongest defences against password reuse, but it is a reminder to tweak how you use them.
∠The Awareness Angle
-
Autofill off – Turn off automatic autofill in your password manager and switch to manual “on-click” mode.
-
MFA everywhere – Keep two-factor authentication on for all accounts, especially your password manager.
-
Don’t panic – Password managers are still one of the best tools to keep your accounts secure.
AI Ransomware Arrives: Meet PromptLock
Watch the discussion - https://youtu.be/Qfwq2z7EyFs?t=653
Researchers have discovered PromptLock, believed to be the first ransomware powered by artificial intelligence. Instead of relying on fixed malicious code, it runs an AI model locally on the victim’s machine to generate attack scripts on the fly. This makes it harder for traditional security tools to detect and block. For now, it looks more like a proof-of-concept than a widespread threat, but it shows how AI is being weaponised to make attacks smarter, faster and more adaptable.
Read more - https://cybersecuritynews.com/first-ai-ransomware/
∠The Awareness Angle
- Proof of concept today – PromptLock isn’t widespread yet, but it’s a sign of what’s coming.
-
AI arms race – Criminals are experimenting with AI just as much as defenders are.
-
Stay prepared – Basics like patching, backups, and detection tools remain the first line of defence.
Cyber Attack Stalls Jaguar Land Rover
Watch the discussion - https://youtu.be/Qfwq2z7EyFs?t=776
Jaguar Land Rover’s production was severely disrupted after a cyber attack forced systems offline on one of the busiest new car registration days in the UK. Employees were told not to return to work until systems were restored, and dealers had to fall back on manually phoning the DVLA to register new cars. Hackers claiming links to groups like Scattered Spider and ShinyHunters say they exploited a flaw in SAP NetWeaver, raising questions over patching and whether attackers had ever fully left the network after earlier incidents.
Read more - https://www.autocar.co.uk/car-news/new-cars/police-and-cyber-experts-brought-jlr-remains-crippled-hack
∠The Awareness Angle
- Business impact – Cyber attacks don’t just steal data, they can stop production lines in their tracks.
-
Patch management – Known vulnerabilities remain one of the most common entry points.
-
Persistence matters – Attackers may already be inside, even after a previous breach is “fixed.”
Salesloft Breach Ripples Across Big Vendors
Watch the discussion - https://youtu.be/Qfwq2z7EyFs?t=1320
A breach at Salesloft’s Drift chatbot platform has spilled over into some of the biggest names in cybersecurity. Attackers stole authentication tokens that connected Drift with tools like Salesforce, Google Workspace, AWS and Slack. So far, victims include Zscaler, Cloudflare, Palo Alto Networks, and more, and the list is still growing. Salesloft revoked all access and rotated tokens, while Google’s threat team linked the activity to a group known as UNC6395 (aka “Grub One”). For any business using Drift, the advice is simple: treat all tokens as compromised, rotate credentials, and review integrations for unusual activity.
Read more - https://www.crn.com/news/security/2025/5-cybersecurity-vendors-impacted-in-salesloft-drift-breach
∠The Awareness Angle
- Third-party risk – Integrations add value, but also open cracks in your defences.
-
Token takeover – Authentication tokens are as valuable as passwords to attackers.
-
Reset and review – Revoke, rotate, and investigate whenever a connected service is hit.
Do you have something you would like us to talk about? Are you struggling to solve a problem, or have you had an awesome success? Reply to this email telling us your story, and we might cover it in the next episode!
This Week's Discussion Points...
Password managers vulnerable: 40 million users at risk
Watch | Read
First AI ransomware ‘PromptLock’ discovered
Watch | Read
Jaguar Land Rover hit by cyber attack
Watch | Read
Salesloft breach grows bigger
Watch | Read
Reddit: Cyber Awareness Month phishing campaign ideas
Watch | Read
Joe Rogan tricked by AI video
Watch | Read
Gemini photo prompt exploit
Watch | Read
Subscribe to the Newsletter
Thanks for reading! If you’ve spotted something interesting in the world of cyber this week — a breach, a tool, or just something a bit weird — let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.
Guest Spot: AI Experience Podcast
Ant recently joined Julien Redelsperger on the AI Experience podcast to talk about how AI is reshaping cybersecurity. From deepfake voices to flawless phishing emails, scams are getting harder to spot, and yet sometimes the best defence still comes down to analogue checks and trusting your instincts.
The episode is available on all major podcast platforms. Click here to listen.
