700+ Companies Hit by SalesLoft Drift Hack, Are You At Risk?

This week’s news takes us from password managers with a hidden flaw to the first glimpse of AI-powered ransomware, and from Jaguar Land Rover’s production lines grinding to a halt to hackers pushing ultimatums at Google. Add in fallout from the Salesloft breach rippling across big-name security vendors, and it’s a week packed with stories that hit close to home.

Listen on your favourite podcast platform - Spotify, Apple Podcasts and YouTube

Listen Now

Podcast · Risky Creative

New Hoxhunt Videos for Cyber Awareness Month 2025

We’ve teamed up with Hoxhunt again to create a fresh set of short videos for their 2025 Cyber Awareness Month Toolkit. From spotting deepfakes to understanding social engineering in chat apps, these 1–2 minute clips are designed to be shared widely and spark awareness conversations.

Get the toolkit here - https://hoxhunt.com/cybersecurity-awareness-month-toolkit-2025

This week's stories...

Password Managers Under Attack

Watch the discussion - https://youtu.be/Qfwq2z7EyFs?t=367

A new report has revealed a clickjacking flaw in major password manager browser extensions, including 1Password, Bitwarden, Dashlane, LastPass, NordPass and ProtonPass. The bug could expose sensitive details from up to 40 million users by tricking autofill into handing over data through invisible page overlays. Experts are stressing this isn’t a reason to ditch password managers, which remain one of the strongest defences against password reuse, but it is a reminder to tweak how you use them.

∠The Awareness Angle

Autofill off – Turn off automatic autofill in your password manager and switch to manual “on-click” mode.
MFA everywhere – Keep two-factor authentication on for all accounts, especially your password manager.
Don’t panic – Password managers are still one of the best tools to keep your accounts secure.

AI Ransomware Arrives: Meet PromptLock

Watch the discussion - https://youtu.be/Qfwq2z7EyFs?t=653

Researchers have discovered PromptLock, believed to be the first ransomware powered by artificial intelligence. Instead of relying on fixed malicious code, it runs an AI model locally on the victim’s machine to generate attack scripts on the fly. This makes it harder for traditional security tools to detect and block. For now, it looks more like a proof-of-concept than a widespread threat, but it shows how AI is being weaponised to make attacks smarter, faster and more adaptable.

∠The Awareness Angle

Proof of concept today – PromptLock isn’t widespread yet, but it’s a sign of what’s coming.
AI arms race – Criminals are experimenting with AI just as much as defenders are.
Stay prepared – Basics like patching, backups, and detection tools remain the first line of defence.

Cyber Attack Stalls Jaguar Land Rover

Watch the discussion - https://youtu.be/Qfwq2z7EyFs?t=776

Jaguar Land Rover’s production was severely disrupted after a cyber attack forced systems offline on one of the busiest new car registration days in the UK. Employees were told not to return to work until systems were restored, and dealers had to fall back on manually phoning the DVLA to register new cars. Hackers claiming links to groups like Scattered Spider and ShinyHunters say they exploited a flaw in SAP NetWeaver, raising questions over patching and whether attackers had ever fully left the network after earlier incidents.

∠The Awareness Angle

Business impact – Cyber attacks don’t just steal data, they can stop production lines in their tracks.
Patch management – Known vulnerabilities remain one of the most common entry points.
Persistence matters – Attackers may already be inside, even after a previous breach is “fixed.”

Salesloft Breach Ripples Across Big Vendors

Watch the discussion - https://youtu.be/Qfwq2z7EyFs?t=1320

A breach at Salesloft’s Drift chatbot platform has spilled over into some of the biggest names in cybersecurity. Attackers stole authentication tokens that connected Drift with tools like Salesforce, Google Workspace, AWS and Slack. So far, victims include Zscaler, Cloudflare, Palo Alto Networks, and more, and the list is still growing. Salesloft revoked all access and rotated tokens, while Google’s threat team linked the activity to a group known as UNC6395 (aka “Grub One”). For any business using Drift, the advice is simple: treat all tokens as compromised, rotate credentials, and review integrations for unusual activity.

∠The Awareness Angle

Third-party risk – Integrations add value, but also open cracks in your defences.
Token takeover – Authentication tokens are as valuable as passwords to attackers.
Reset and review – Revoke, rotate, and investigate whenever a connected service is hit.

Do you have something you would like us to talk about? Are you struggling to solve a problem, or have you had an awesome success? Reply to this email telling us your story, and we might cover it in the next episode!

This Week's Discussion Points...

Password managers vulnerable: 40 million users at risk
Watch | Read

First AI ransomware ‘PromptLock’ discovered
Watch | Read

Jaguar Land Rover hit by cyber attack
Watch | Read

Salesloft breach grows bigger
Watch | Read

Reddit: Cyber Awareness Month phishing campaign ideas
Watch | Read

Joe Rogan tricked by AI video
Watch | Read

Gemini photo prompt exploit
Watch | Read

Subscribe to the Newsletter

https://www.riskycreative.com

Thanks for reading! If you’ve spotted something interesting in the world of cyber this week — a breach, a tool, or just something a bit weird — let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.

Guest Spot: AI Experience Podcast

Ant recently joined Julien Redelsperger on the AI Experience podcast to talk about how AI is reshaping cybersecurity. From deepfake voices to flawless phishing emails, scams are getting harder to spot, and yet sometimes the best defence still comes down to analogue checks and trusting your instincts.

The episode is available on all major podcast platforms. Click here to listen.