Cybersecurity

August 7 - August 13, 2025
2 min read
Data breaches

META DESCRIPTION: Weekly cybersecurity roundup: Verified data breaches from August 5–12, 2025, including Google’s Salesforce CRM disclosure and Cisco vishing incident, with sources and context.

Weekly summary on Cybersecurity: Data breaches for the date range August 5, 2025 to August 12, 2025 includes notable disclosures by Google and Cisco tied to social engineering and CRM access vectors[1][2].

Key developments:

  • Google confirms a breach of a corporate Salesforce CRM instance by ShinyHunters (UNC6040), affecting about 2.55 million prospective Ads business contacts; disclosed August 5, 2025, with notifications completed by August 8, 2025[1].
  • Cisco reports a vishing (voice phishing) incident disclosed August 5, 2025, involving access to user data such as email addresses and phone numbers via social engineering of an employee[2].
  • Multiple organizations were targeted through Salesforce-related social engineering tactics in early August 2025, with attackers impersonating IT and persuading employees to install a fake app to access data[2].

Context and impact:

  • The Google incident did not affect Google Ads, Google Cloud, or other product data; exposed records were business contact details (e.g., company names, phone numbers, and related notes), with no payment data impacted[1].
  • Attackers used voice phishing and a malicious app masquerading as Salesforce Data Loader to authorize large-scale data extraction; some attempts included requesting credentials and MFA codes[1].
  • Cisco’s disclosure underscores continued effectiveness of vishing to bypass user controls, aligning with broader August reports of Salesforce-targeted social engineering across companies[2].

Methodologies observed:

  • Social engineering (vishing) to gain authorization for malicious applications and extract CRM data[1][2].
  • Use of fake tooling mimicking legitimate Salesforce utilities to escalate data access[1].

Editor’s note on scope:

  • This summary focuses on verified incidents with disclosures between August 5 and August 12, 2025, prioritizing primary confirmation and reputable roundup reporting[1][2].

REFERENCES [1] Bright Defense. (2025, August 5). List of recent data breaches in 2025: Google confirms Salesforce breach affecting 2.55 million business contacts; disclosure and notification timeline. Retrieved August 13, 2025, from https://www.brightdefense.com/resources/recent-data-breaches/

[2] Tech.co. (2025, August 6). Data breaches that have happened this year (2025 update): August 2025 entries including Google Salesforce CRM breach and Cisco vishing attack. Retrieved August 13, 2025, from https://tech.co/news/data-breaches-updated-list

Published: August 13, 2025
by Enginerds Research Team

Editorial Oversight

Editorial oversight of our insights articles and analyses is provided by our chief editor, Dr. Alan K. — a Ph.D. educational technologist with more than 20 years of industry experience in software development and engineering.

Share This Insight

Insight Details
Explore This Topic
Topic Overview Latest News All Insights Data breaches Archive

Related Content

Topic Hub

Cybersecurity Overview

Comprehensive coverage of Cybersecurity trends and insights

Insights Archive

Latest Cybersecurity Insights

Browse historical insights and analysis

News

Cybersecurity News & Articles

Latest news articles and developments

Related Topics

Explore Enterprise Technology & Cloud Services

Related insights in Enterprise Technology & Cloud Services

Related Topics

Explore Tech Business & Industry Moves

Related insights in Tech Business & Industry Moves

An unhandled error has occurred. Reload 🗙