Asahi Halts Production Due to Cyberattack
Asahi Halts Production Due to Cyberattack
Japanese beer giant Asahi Group Holdings confirmed a cyberattack that caused a system failure, forcing a complete suspension of production at its 30 domestic factories and halting its order processing, shipments, and call center operations across Japan. While the company stated there is no confirmed leakage of personal or customer data and that its international operations are unaffected, the incident’s impact on a critical industrial sector with a significant market share underscores the growing trend of cybercriminals prioritizing operational disruption. Asahi has not yet provided an estimated timeline for recovery.
Source: Cyber Press, Cyber Security News, GBHackers News
Zero-day Vulnerability Discovered in Cisco’s IOS Software
A high-severity zero-day vulnerability (CVE-2025-20352) has been discovered in Cisco’s IOS and IOS XE Software. The flaw is a stack-based buffer overflow in the SNMP subsystem that can be exploited by remote attackers to cause a denial-of-service condition or, in some cases, gain complete control of a system. Cisco has confirmed that the vulnerability is being exploited in the wild and recommends that customers upgrade to a fixed software release as soon as possible.
Source: The Hacker News
Volvo Group Data Stolen Through Ransomware Attack
A cyber attack, claimed by the DataCarry ransomware group, targeted Miljödata’s support systems for rehabilitation (Adato) and HR personnel notes (Novi). The incident impacted approximately 25 private companies, including Volvo Group, and roughly 200 Swedish municipalities. The leaked information, which includes names, addresses, phone numbers, government IDs, dates of birth, gender, and in some cases, employment and sick leave information, was posted on the DataCarry leak site. For Volvo Group employees, the compromised information includes their names and Social Security numbers. Volvo Group is offering affected individuals 18 months of free identity protection and credit monitoring services.
Source: Security Week, Cyber Security News
Salesforce AI Prompt Injection Patched
Salesforce has patched a critical vulnerability, dubbed ForcedLeak (CVSS 9.4), in its Agentforce platform used for building AI agents. The flaw is an indirect prompt injection vulnerability that could allow an attacker to exfiltrate sensitive CRM data. The attack works by inserting malicious instructions into the “Description” field of a Web-to-Lead form, which the AI agent then unknowingly executes when processing the lead, transmitting data to an attacker-controlled external domain. Salesforce fixed the issue by enforcing a Trusted URL allowlist to prevent data from being sent to untrusted URLs.
Source: The Hacker News
Harrods’ 430,000 Customer Personal Records Data Breached
Luxury department store Harrods disclosed a significant data breach affecting approximately 430,000 customer records after an attack on an unnamed third-party provider. The compromised data, limited to basic personal identifiers such as names and contact details, and some marketing preferences, was exfiltrated from the supplier’s system, not Harrods’ internal network. Harrods confirmed that no financial information or account passwords were accessed, and the retailer has refused to engage with the hackers, suggesting a ransom demand was made. Harrods has notified affected e-commerce customers and the Information Commissioner’s Office (ICO).
Source: Cyber Security News, Bleeping Computer
Click here to subscribe our Newsletter
Click here for inquiries regarding the partner system of Penta Security
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D.AMO
Check out the product lines of Cloudbric by Penta Security:
Cloud-based Fully Managed WAAP: Cloudbric WAF+
Agent based Zero Trust Network Access Solution: Cloudbric PAS
Agentless Zero Trust Network Access Solution: Cloudbric RAS
Click here for inquiries regarding the partner system of Cloudbric