Stellantis Customer Data Breach Reported
Jeep and Dodge Parent Company Stellantis Confirms Customer Data Breach
A data breach at Stellantis, the parent company of car brands like Jeep and Dodge, has been confirmed. The breach occurred on a platform belonging to a third-party vendor that handled customer service operations in North America. The compromised data was limited to contact information, and no sensitive personal or financial details were exposed. Stellantis has launched an investigation, is notifying affected customers, and has advised them to be cautious of phishing attempts. Cybersecurity experts point out that this kind of breach is becoming more common as attackers look for vulnerabilities in supply chains rather than going after large companies directly.
Source: Hack Read, Bleeping Computer, Cyber Security News
Boyd Gaming Discloses Data Breach
Boyd Gaming, a US gaming and casino operator, has disclosed a data breach following a cyberattack. The company confirmed that threat actors gained unauthorized access to its systems and stole data belonging to employees and a limited number of other individuals. Boyd Gaming has engaged cybersecurity experts, notified law enforcement, and stated that it does not expect the incident to have a material adverse impact on its financial condition. The company is in the process of notifying the impacted individuals.
Source: Bleeping Computer
Zero-Click Vulnerability in ChatGPT’s Agent Enables Silent Gmail Data Theft
A vulnerability called “ShadowLeak” has been discovered in OpenAI’s ChatGPT Deep Research agent when it is connected to Gmail. The flaw, which was found by researchers at Radware, allows an attacker to steal sensitive Gmail data by sending a single, specially crafted email. The attack is considered “zero-click” because it requires no user interaction and is “service-side,” meaning the data is stolen directly from OpenAI’s cloud infrastructure, making it difficult to detect with traditional security defenses. Radware reported the vulnerability to OpenAI in June 2025, and it was patched in August.
Source: Infosecurity Magazine, Cyber Press
Cloudbric WAF+ by Penta Security Ranks No. 1 for 7th Consecutive Year in Japan’s ‘IT Trend’
Penta Security’s Cloudbric WAF+ has been ranked number one in Japan’s ‘IT Trend’ survey for the seventh consecutive year in both the Web Application Firewall (WAF) and Cyberattack Defense categories for 2025. The cloud security platform, which was launched in 2015, offers various web security services and uses an AI-based logical analysis engine. The company has a strong presence in the Japanese market and has been expanding internationally.
Source: CBS42
Gucci and Alexander McQueen Hit by Customer Data Breach
Luxury fashion brands Gucci, Alexander McQueen, and Balenciaga have been affected by a customer data breach. The hacking group ShinyHunters has claimed responsibility for the attack and states that it has obtained data related to 7.4 million unique email addresses. According to a sample of the data, the hackers have access to customer spending information, but no financial data was compromised. The brands’ parent company, Kering, has confirmed the cyberattack and is investigating the incident. This breach highlights the risks faced by luxury brands and the potential for follow-on fraud.
Source: Infosecurity Magazine, BBC, Technology Magazine
Click here to subscribe our Newsletter
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D.AMO
Click here for inquiries regarding the partner system of Penta Security
Check out the product lines of Cloudbric by Penta Security:
Cloud-based Fully Managed WAAP: Cloudbric WAF+
Agent based Zero Trust Network Access Solution: Cloudbric PAS
Agentless Zero Trust Network Access Solution: Cloudbric RAS
Click here for inquiries regarding the partner system of Cloudbric