North America
Gainsight
Google has confirmed that hackers have stolen data stored by Salesforce belonging to more than 200 companies in the large-scale Salesforce-Gainsight supply chain breach.
On November 19, Salesforce announced that it was investigating a breach affecting some customers whose data was exposed through apps published by Gainsight, a customer success platform. Google’s Threat Intelligence Group has since stated that it is aware of more than 200 potentially impacted Salesforce instances. Shortly after Salesforce disclosed the issue, the hacking group Scattered Lapsus$ Hunters claimed responsibility for the attack.
Salesforce said there is no evidence to suggest the breach resulted from a vulnerability in its own platform. Instead, the activity appears to be linked to Gainsight’s external connection to Salesforce. To protect customers, Salesforce has disabled the integration and revoked all active and refresh tokens associated with Gainsight-published apps.
How it could affect your business
This incident shows attackers no longer need to breach your systems directly — they can infiltrate through trusted integrations and connected apps. Businesses should map all third-party connections, enforce strict token and application programming interface (API) permission controls and continuously audit external tools’ access points to prevent hidden backdoors.
United Kingdom
London councils
Three London councils reported a cyberattack last week, raising concerns that residents’ data may have been compromised.
The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC) and the London Borough of Hammersmith & Fulham confirmed that they were hit by a cyberattack on November 24. The three councils share several IT systems, and officials say multiple services — including phone lines — were affected. As a precaution, they shut down multiple systems to prevent further damage. These councils collectively serve more than half a million London residents.
In a public statement, RBKC said the councils are working with specialist cyber incident responders and the UK’s National Cyber Security Centre (NCSC) to secure affected systems, restore data and keep essential public services running.
How it could affect your business
Cyberattacks on public services show how quickly operations can come to a halt. A strong business continuity and disaster recovery (BCDR) strategy — with tested backup, failover and recovery processes — helps ensure your organization can maintain critical services and restore systems quickly, even during major disruptions.
United States
SitusAMC
A cyberattack on one of the banking industry’s largest vendors has left major U.S. banks rushing to assess the potential fallout.
On November 22, SitusAMC — a key vendor that many banks rely on to manage real estate loans and mortgages — confirmed that hackers had broken into its systems on November 12 and stolen sensitive data. The company stated that the breach may have exposed corporate information related to its clients, including accounting records and legal agreements, as well as data belonging to some of its clients’ customers. SitusAMC supports several major U.S. banks, including JPMorgan Chase & Co., Citigroup Inc. and Morgan Stanley.
The full scope and impact of the breach are still under investigation as the company works with third-party cybersecurity experts to review the incident.
How it could affect your business
This incident shows how even well-defended sectors remain vulnerable when attackers exploit weaknesses in third-party vendors. Organizations should closely assess vendor security, limit how much sensitive data and access they share with vendors, and enforce continuous monitoring to reduce exposure from supply chain breaches.
United States
OnSolve (Crisis24)
A cyberattack on the OnSolve CodeRED platform used by state and local agencies across the U.S. disrupted emergency notification systems and exposed sensitive user data.
The ransomware attack targeted the OnSolve CodeRED emergency alert service provided by Crisis24, which is widely used to issue public safety warnings for events such as floods, fires, gas leaks, chemical spills, missing persons and bomb threats. According to reports, cybercriminals obtained user information, including names, email addresses, physical addresses, phone numbers and passwords linked to a legacy version of the platform. The disruption prevented some agencies from sending timely alerts, raising concerns about public safety during active emergencies.
The Inc Ransom group claimed responsibility for the attack and listed OnSolve on its leak website on November 22. The group says it gained access to OnSolve systems on November 1 and deployed file-encrypting ransomware on November 10.
How it could affect your business
Ransomware attacks like this show how threat actors plant time bombs, staying hidden for days or weeks before detonating payloads that disrupt critical systems. Organizations need proactive threat detection to spot unusual activity early and ransomware-resilient backups that can’t be altered or encrypted. This combination is crucial for rapid, reliable recovery when an attack occurs.
North America
Antigravity (Google)
A security researcher discovered a major vulnerability in Google’s new Gemini-powered AI coding tool Antigravity just 24 hours after its release.
Alongside the launch of Gemini 3, Google introduced Antigravity, a tool that allows autonomous coding through AI agents, making development faster and more automated. However, researcher Aaron Portnoy found a severe flaw almost immediately. He showed that by altering Antigravity’s configuration settings, he could manipulate the AI’s rules and insert malicious source code that creates a backdoor on a user’s machine. With that access, an attacker could spy on victims, steal data or deploy ransomware.
Even more concerning, the attack required very little effort. Portnoy only needed to convince an Antigravity user to run his code once and click a prompt marking it as “trusted.” Threat actors have used this exact social engineering tactic for years by pretending to be skilled developers sharing helpful scripts.
How it could affect your business
Zero-day vulnerabilities like this show how quickly new tools can become attack vectors. Organizations should strengthen software-vetting processes, enforce strict least-privilege controls and use advanced threat detection to spot unusual code behavior early. Regular user-awareness training also reduces the risk of employees approving or running untrusted code.


