RH-ISAC Champions Collective Action Against Fraud at Industry Forum

VIENNA, VA (September 4, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) convened leaders from across the retail and hospitality sectors on 27 August 2025 for the Fraud Defense Forum, hosted at Target’s office in Minneapolis. The event brought together some of the world’s largest retailers to strengthen collective efforts in…

Read More

Salesloft Drift AI Abused for Further Attacks on Salesforce Environments for Major Cyber Security Firms

Executive Summary A widespread, opportunistic data theft campaign against Salesforce, attributed to the group UNC6395, has expanded in scope beyond initial reports. The attacks leverage compromised OAuth tokens from Salesloft Drift, an AI chat agent, to gain unauthorized access to customer instances of various services, including Salesforce and Google Workspace. Cybersecurity firms Zscaler and Palo Alto Networks have publicly confirmed impact,…

Read More

Colt Technology Services Attack Claimed by Warlock Ransomware, Data Up for Sale

Executive Summary UK-based telecom provider Colt Technology Services has been battling a cyberattack since August 12, 2025, which disrupted several of its support and online platforms for days. Initially described as a “technical issue,” the company later confirmed it was a cyber incident and that customer data was stolen. The WarLock ransomware group has claimed responsibility,…

Read More

QuirkyLoader Delivers Infostealers and RATs to Multiple Global Entities

Executive Summary Since November 2024, IBM X-Force has been tracking QuirkyLoader, a new malware loader actively used to deliver a variety of well-known payloads, including keyloggers and Remote Access Trojans (RATs). This multi-stage infection begins with a malicious email attachment that exploits dynamic-link library (DLL) side-loading to execute a hidden malicious DLL. The loader, consistently written…

Read More

RH-ISAC Opens Call for Presentations for the 2026 Cyber Intelligence Summit

VIENNA, VA (August 20, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) has officially opened the call for presentations for the 2026 Cybersecurity Summit, taking place 13-15 April 2026 in Austin, Texas. The Summit is the premier event for cybersecurity practitioners across the retail, hospitality, and customer-facing sectors. RH-ISAC is seeking…

Read More

Microsoft OAuth App Impersonation Leads to MFA Phishing

Executive Summary Proofpoint discovered a widespread phishing campaign leveraging fake Microsoft OAuth applications to bypass multifactor authentication (MFA) and harvest Microsoft 365 credentials. The attackers impersonated reputable brands like RingCentral, Adobe, SharePoint, and DocuSign, by luring victims into approving minimal‑privilege access. Even if MFA was declined, victims were redirected through CAPTCHA and a phishing page using…

Read More

Cybersecurity in 2025: What CISOs in Retail & Hospitality Are Prioritizing

As the digital threat landscape continues to evolve, so too does the role of the CISO. The newly released 2025 RH-ISAC CISO Benchmark Report, developed in partnership with Accenture, offers a compelling snapshot of how cybersecurity leaders across retail and hospitality are adapting to new challenges, investing in resilience, and aligning security with business strategy….

Read More

Microsoft Warns of Active Exploitation of SharePoint via ToolShell Zero-Day

Executive Summary Microsoft has identified widespread, active exploitation of a new SharePoint remote code execution (RCE) vulnerability chain, designated ToolShell, tracked as CVE-2025-53770. This zero-day exploit, demonstrated publicly on X just days prior, allows unauthenticated attackers to compromise on-premises SharePoint servers globally, extracting cryptographic secrets and enabling full remote control. Microsoft, and CISA, has confirmed the active exploitation and…

Read More

Recent Compromises of Network-Separated Environments in South Korea Highlight Potential Security Gaps

Executive Summary Recent major cyber incidents several South Korean entities highlight a critical concern within network-separated, or air-gapped, environments. Despite the inherent security assumptions often associated with these isolated setups, these breaches demonstrate a dangerous decline in caution and a false sense of security. This has led to successful compromises, highlighting that even seemingly air-gapped…

Read More

RH-ISAC Releases 2025 CISO Benchmark Report, Showcasing Growth in Retail and Hospitality Cybersecurity

VIENNA, VA (July 9, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) has released its 2025 CISO Benchmark Report, offering a detailed look at the industry’s growing focus on proactive, business-enabling cybersecurity strategies.  The 2025 report, developed in partnership with Accenture, draws on input from nearly 200 cybersecurity leaders across retail…

Read More