CyberNews: 14/09/2025 Edition

Today’s roundup

Summary

The National Credit Information Center (CIC) of Vietnam suffered a major breach by ShinyHunters, exploiting an unpatched vulnerability in end-of-life software to steal financial data tied to institutions including Agribank and VPBank. Vietnam’s cybersecurity agencies confirmed unauthorized access, while Resecurity verified leaked samples on dark web markets. The breach risks nationwide identity theft and financial fraud. Separately, the FBI issued an alert on cybercriminal groups UNC6040 and UNC6395 targeting Salesforce platforms through social engineering and compromised OAuth tokens, impacting corporations like Google and Cisco. UNC6040 uses vishing to deploy malicious apps for data extraction, while UNC6395 exploited Salesloft Drift integrations before token revocation. Both campaigns emphasize systemic weaknesses in third-party SaaS ecosystems, with law enforcement advising enhanced MFA and API monitoring.