Heimdal

This week in cyber we’ve got a SaaS breach impacting Workday, a malicious ChatGPT app making the rounds, double trouble for telecom providers, and the takedown of a botnet-for-hire service. Cybersecurity Advisor Adam Pilton is here with useful insights on the attacks and safety advice.

Workday SaaS Breach Sparks Third-Party Risk Concerns

Workday has confirmed a security breach linked to one of its CRM vendors. The attacker used social engineering to compromise the third-party provider, exposing contact and personal information.

While Workday insists that no tenant data was directly accessed, the breach highlights a dangerous trend in SaaS supply chain attacks. If your vendors get hacked, you get hacked—by proxy.

Safety Advice

  • Review your vendor risk assessments – It’s time to double-check your third-party security policies. Make sure you understand who has access to what.
  • Include breach notifications in contracts – Your vendor agreements should require immediate disclosure of security incidents.
  • Monitor logins from trusted apps – Don’t just trust known apps, monitor them for unusual behavior. Assume compromise is always a possibility.

PipeMagic: The Fake ChatGPT App That’s Actually Malware

A new modular malware framework named PipeMagic has been discovered masquerading as a ChatGPT application. It leverages a Windows zero-day vulnerability to maintain persistent access and has links to ransomware groups.

People love trying new AI tools, but this curiosity can quickly turn into a security nightmare.

Safety Advice

  • Restrict software installations – Lock down endpoints and make sure only approved apps can be installed.
  • Whitelist AI tools – Don’t let employees install just any AI-related software—define and whitelist safe options.
  • Follow zero-day patches – Zero-days are prime territory for attackers. Make patching a non-negotiable priority.

iiNet Breach: Over 280,000 Email Addresses Exposed

Australia-based iiNet, owned by TPG Telecom, suffered a major breach. The attack exposed over 280,000 email addresses, 20,000 landline numbers, and even modem setup passwords. The breach originated from their order management system.

Small business customers are especially at risk here, as stolen credentials could lead to a surge in phishing and credential stuffing attempts.

Safety Advice

  • Change reused passwords now – If you’re using the same password across accounts, now’s the time to stop.
  • Use strong authentication – Two-factor authentication isn’t optional, it’s essential.
  • Be alert for phishing – Remind your teams to recognize phishing emails, even if they look legitimate.

UK’s Colt Technology Services Hit by Warlock Gang

In a second major telecom attack, UK-based Colt Technology Services was targeted by the Warlock gang. The attackers claim to have exfiltrated hundreds of gigabytes of sensitive data and forced customer portals offline.

Telecoms are the backbone of digital infrastructure. When they go down, the domino effect hits businesses hard.

Safety Advice

  • Plan for outages – Don’t wait for a provider to go down before scrambling for solutions.
  • Diversify your connectivity – Relying on a single telco is risky, so consider failover options and multiple providers.

Rapper Bot DDoS Platform Taken Down by Law Enforcement

The infamous Rapper Bot, a DDoS-for-hire service, has been shut down. An Oregon man has been charged with operating the botnet, which hijacked thousands of IoT devices to launch massive attacks.

Even if your business wasn’t the target, your cheap smart camera or router might have helped the bad guys.

Safety Advice

  • Audit all IoT devices – Know what’s connected to your network. Inventory matters.
  • Change default passwords – Most IoT devices come with weak, default credentials. Change them—always.
  • Segment your network – Isolate IoT gear from your critical systems. Keep the risky stuff away from the valuable stuff.

That wraps up this week’s Snapshot – five big stories, five takeaways. Staying informed and proactive can make all the difference.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
