CISA released two Industrial Control Systems (ICS) advisories on August 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Pandora confirms data breach amid ongoing Salesforce data theft attacks
Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce data theft attacks.
Pandora is one of the largest jewelry brands in the world, with 2,700 locations and over 37,000 employees.
“We are writing to inform you that your contact information was accessed by an unauthorized party through a third-party platform we use,” reads a Pandora data breach notification sent to customers.
Global Cyber Authorities Warn of Escalating Threat from Scattered Spider Group
In a joint cybersecurity advisory, authorities from the United States, Canada, the United Kingdom, and Australia have issued an urgent warning regarding the evolving tactics of the cybercriminal group known as Scattered Spider. This advisory comes from a coalition that includes the FBI, CISA, RCMP, NCSC-UK, ASD’s ACSC, CCCS, and the Australian Federal Police, reflecting the transnational scale and severity of the threat.
Scattered Spider—also tracked as UNC3944, Oktapus, Storm-0875, and Muddled Libra—has gained infamy for its brazen intrusions into commercial sectors, critical infrastructure, and IT service providers. The group’s attacks are marked by sophisticated social engineering, data theft, and ransomware extortion campaigns.
Accelerate together: Zero trust
Are you ready to accelerate zero trust at your agency?
“You have to be able to scale across hundreds of teams, thousands of workloads,” says AWS Principal Technologist Sean Phuphanich, when discussing how to make a zero trust architecture the foundation for modernization. “That’s really where a lot of the stumbling blocks come into play because then you’re dealing with a lot of different teams, different environments, different tools.”
Johnson Controls starts notifying people affected by 2023 breach
Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company’s operations worldwide in September 2023.
Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, HVAC systems, and fire safety equipment for buildings. The company employs over 100,000 people through its corporate operations and subsidiaries across 150 countries, reporting sales of $27.4 billion in 2024.
TSA seeks OMB approval to extend pipeline security and cyber incident reporting requirements
The U.S. Department of Homeland Security issued a 30-day notice that the Transportation Security Administration (TSA) has submitted an Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and approval. The request seeks to extend the current data collection related to pipeline security incidents, apart from the contact details of designated cybersecurity coordinators and their alternates.
A Proposal for a Zero-Trust-Based Multi-Level Security Model and Its Security Controls
The rapid advancement of technology and increasing data utilisation have underscored the need for new models to manage and secure big data effectively. However, the constraints of isolated network environments and the limitations of existing security frameworks hinder the adoption of cutting-edge technologies such as AI and cloud computing, as well as the safe utilisation of data.
Fashion giant Dior discloses cyberattack, warns of data breach
House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information.
A spokesperson for the firm told BleepingComputer that the incident impacts Dior Fashion and Accessories customers. Currently, cybersecurity experts are investigating the incident to determine its scope.
US House Approves Bill to Assess Security Threats Posed by Foreign-Made Routers
A new bill requiring the US Commerce Department to assess the national security risks associated with routers and modems controlled by adversarial nations is one step closer to becoming law after passing the House of Representatives.
The House passed the Removing Our Unsecure Technologies to Ensure Reliability and Security (ROUTERS) Act on April 28, advancing the legislation after it was cleared by the House Energy and Commerce Committee three weeks earlier.
Building a Zero Trust Federation
Zero trust is a security paradigm whose fundamental philosophy is that every access to a resource must be explicitly verified, without assuming trust based on origin or identity. In a federated environment composed of multiple domains, ensuring zero trust guarantees for accessing shared resources is a challenge, as information on requesters is generated by their originating domain, yet requires explicit verification from the domain owning the resource.