Cybersecurity Decrypted #45: Black Hat Hits Vegas, ClickTok Scams Online Shoppers, Chanel Hit By Breach

Black Hat Hits Vegas 

This week, the annual Black Hat USA conference returns to the Mandalay Bay Convention Center in Las Vegas. The six-day event will see thousands of cybersecurity professionals and enthusiasts gather to take part in specialized trainings, briefings, network events, and more. Our team are on the ground in Vegas covering the event. Keep an eye out for our round-up of the key takeaways on Friday! 🔗 

“ClickTok” Scam Targets TikTok Shoppers 

Researchers at CTM360 have discovered a new global scam operation that uses fake TikTok shops to spread SparkKitty spyware. The spyware accesses the user’s photo gallery, looking for screenshots that contain cryptocurrency wallet credentials and ultimately enabling attackers to steal digital funds. 🔗 

New Report Finds Only 55% Of LLM-Generated Code Is Secure 

Veracode’s new 2025 GenAI Code Security Report tested over 100 LLMs across Java, Python, C#, and JavaScript, and found that, while 90% of AI-generated code compiled without error, a huge 45% of samples failed security tests and introduced OWASP Top 10 vulnerabilities into the code.  🔗 

Chanel Hit By Data Breach 

The French fashion giant is the latest victim in a wave of attacks targeting Salesforce data, which have been attributed to the ShinyHunters extortion group. Chanel first detected the breach on July 25th, and has confirmed that the group was able to access the names, addresses, and contact details of customers who’d contacted their client care center in the US. Chanel has informed those affected by the breach.  🔗 

Akira Group Targets SonicWall Devices 

According to researchers at Arctic Wolf and confirmed by Huntress, the Akira ransomware gang is targeting SonicWall SSL VPN connections with ransomware intrusions. SonicWall is actively investigating reports to determine whether a new vulnerability is responsible for the attacks. 🔗 

Attackers Abuse Link-Wrapping To Steal M365 Logins 

According to research from Cloudflare, threat actors are leveraging Proofpoint and Intermedia’s link wrapping/URL re-writing features to redirect users to fraudulent Microsoft 365 phishing pages. Cloudflare said the attackers likely compromised Proofpoint- and Intermedia-protected email accounts, then used those accounts to distribute the malicious links. 🔗 

Microsoft Offers $5 Million Reward At Hacking Event 

Microsoft has announced that a $5 million USD reward is up for grabs for security researchers taking part in their Zero Day Quest hacking competition, set to take place at the company’s Redmond campus in Spring 2026. To qualify for the invite-only event, researchers must send in their vulnerability submissions between August 4th and October 4th 2025. 🔗 

New Product Announcements Unveiled At Black Hat 

Several companies have announced major product developments during the first half of Black Hat USA 2025 this week: 

• Qualys announced its Agentic AI-powered risk operations centre (ROC) product, which will use AI agents to manage and contain risk.  

• Descope unveiled their Agentic Identity Control Plane, which will provide policy-based security guardrails for AI agents and MCP servers. 

• BeyondTrust launched Phantom Labs, its formal research organization focused on uncovering emerging identity threats. 

• Upwind completed its integration of Nyx, launching an industry-first unified Cloud and Application Detection and Response platform. 

• Straiker is advancing its Defender AI and Ascend AI platforms to help organizations secure agentic AI environments. 

• Kindo is expanding its AI-native automation platform to help enterprises rein in AI ecosystem sprawl. 

Flurry Of Cybersecurity Funding Continues 

Last week’s flurry of funding announcements has yet to slow down, with the following companies revealing big news this week:  

• Noma Security: $100 million in Series B 

• SAFE: $70 million in Series C 

• Dropzone AI: $37 million in Series B  

US Senate Names New National Cyber Director 

Five months after he was nominated for the position, the US Senate voted 59-35 to confirm Sean Cairncross as the country’s third National Cyber Director. The former COO and legal adviser at the Republican National Committee also served as the CEO of the Millennium Challenge Corporation during Trump’s first term. 🔗 

Russia Imposes Internet Blackouts On Citizens 

The Russian government imposed over 2,000 shutdowns of mobile internet services in July, in response to alleged Ukrainian drone attacks. The internet watchdog estimates economic losses at nearly 26 billion rubles ($290 million USD) in July alone, and rights groups and digital watchdogs have questioned the necessity of the blackouts.  🔗 

Meta Found Guilty In Privacy Ruling 

A jury found that Meta has been deliberately harvesting the data of women who shared their sensitive health information with the popular period tracking app, Flo, illegally invading users’ privacy. The civil case “sends a message to the industry”, says Suzanne Bernstein, counsel at the Electronic Privacy Information Center, about how far tech companies can go when it comes to collecting personal data for use in targeted advertising. 🔗 

Illumina Reaches $9.8 Million Settlement 

The genome sequencing company has agreed to the multi-million-dollar settlement with the DOJ in response to allegations that it sold the US government unsecure genome sequencing systems. In a press release, the DOJ said Illumina “knowingly failed to incorporate product cybersecurity in its software design, development, installation, and on-market monitoring.” 🔗 

The Mid-Market Company’s Guide to Cybersecurity 

Stay ahead of evolving threats with Thrive’s Mid-Market Company’s Cybersecurity Guide. Tailored for growing businesses, this guide covers essential strategies to protect your IT infrastructure, avoid common security missteps, and meet compliance standards 

The Ultimate Guide to Bulletproof Password Security for Businesses 

Find out about password inefficiencies, vulnerabilities and which Password Management Software provides the best solution for your business 

Top Identity & Access Management Solutions: Find The Best IAM Tool For Your Business 

We’ve reviewed the top Identity and Access Management (IAM) solutions, assessing features like Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access controls.  

Securing The New GenAI Battleground: The Browser 

Or Eshed, CEO and Co-Founder at LayerX Security, explains why the browser has become the place to consume AI, and how security teams can enable the secure use of browser-based AI without limiting user productivity. Listen now. 

Subscribe today. 

• Top RMM Solutions For MSPs 

• Top Mobile Device Management (MDM) Solutions 

• Top Email Security Gateways 

• Top Email Security Solutions For Office 365 

• Top Identity And Access Management Solutions 

• Top Phishing Protection Solutions 

• Top Phishing Simulation And Testing Solutions 

• Top Cyber Threat Intelligence Solutions