Representatives from Cisco reported that unknown attackers stole user information from Cisco[.]com as a result of a vishing attack (phone-based phishing) targeted at one of the employees.
The incident was detected on July 24, 2025. The investigation revealed that the attacker fraudulently gained access to a third-party provider’s cloud CRM system used by Cisco for customer relations. As a result, personal data from Cisco.com users were stolen, including: names, organization names, addresses, user IDs issued by Cisco, email addresses, phone numbers, and account metadata, including their creation dates.
The company emphasizes that the attacker did not gain access to confidential or internal information of corporate clients, nor to passwords or other sensitive data. The incident did not affect Cisco’s products and services, as well as other instances of the CRM system.
“When we discovered the attack, the intruder’s access to the compromised CRM system was immediately blocked, and Cisco initiated an investigation. We contacted data protection authorities and notified affected users, if required by law,” the company stated. “We are strengthening security measures to reduce the risk of such incidents in the future, including retraining employees on how to recognize and prevent phishing attacks.”
It has not been reported how many users were affected by this breach or if the attackers demanded a ransom for nondisclosure of the data.
Although Cisco did not disclose which CRM system was affected, the publication Bleeping Computer suggests that this incident may be related to Salesforce infrastructure, the use of social engineering, and vishing.
In recent months, similar attacks have been linked to the extortion group ShinyHunters, and Google’s specialists had previously warned about the group’s activity. Nearly identical breaches have already affected: Adidas, Qantas Airways, insurance company Allianz Life, several LVMH brands (Louis Vuitton, Dior, and Tiffany & Co), as well as the fashion house Chanel.
2025.02.06 — Let's Encrypt to stop sending expiration notification emails
The nonprofit organization announced that, starting June 4, 2025, it will stop sending expiration notification emails to subscribers. The primary reason behind this decision…
Full article →
2025.04.10 — April updates released by Microsoft cause issues with Windows Hello
Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition…
Full article →
2025.01.27 — YouTube plays hour-long ads to users with ad blockers
Users complain that YouTube plays very long unskippable ads. Sometimes such ads are longer than the video the person is watching. The issue was raised…
Full article →
2025.02.01 — Critical RCE vulnerability fixed in Cacti
A critical vulnerability has been discovered in the open-source Cacti framework: it enables an authenticated attacker to remotely execute arbitrary code. Vulnerability's ID is CVE-2025-22604; its…
Full article →
2025.02.14 — 12,000 Kerio Control firewalls remain vulnerable to RCE
Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…
Full article →
2025.04.15 — Hackers exploit authentication bypass bug in OttoKit WordPress plugin
Hackers exploit an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin used by more than 100,000 websites. First attacks were recorded just…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…
Full article →