Google Unified Security brings together threat detection, AI-powered security, secure browser features, and Mandiant services, the company said at its Cloud Next conference.

Google Merges Security Offerings Into a Cohesive Suite

The security teams associated with the 2024 Olympic Games in Paris focused on in-depth penetration testing, crisis management exercises, and collaboration to defend against potential cyberattacks.

Advanced Preparation Was Key to a Secure Paris Olympics

A review of the emails involved in the breach is still ongoing, but what has been discovered is enough for the Treasury Department to label it a "major cyber incident."

US Comptroller Cyber 'Incident' Compromises Org's Emails

A hacker using the alias “Satanic” claims a WooCommerce data breach via a third party, selling data on…

A hacker using the alias “Satanic” claims a WooCommerce data breach via a third party, selling data on over 4.4 million users/clients, including records tied to major organizations like NVIDIA, Texas.gov, and the National Institute of Standards and Technology (NIST).

Just hours after claiming responsibility for a **breach involving Magento**, a hacker known as “Satanic” has surfaced again, this time alleging a data breach connected to WooCommerce, one of the most widely used eCommerce platforms on the web.

According to a post made on **Breach Forums** earlier today, the threat actor claims the incident occurred on April 6, 2025, and involves the extraction of more than 4.4 million records containing detailed personal and business information.

The announcement suggests the data wasn’t pulled from **WooCommerce**‘s core infrastructure directly but rather from systems closely tied to websites using the platform, likely CRM or marketing automation tools connected through third-party integrations.

Satanic on Breach Forums (Screenshot credit: Hackread.com)

The data breach appears to include both customer and company-level information, including emails, phone numbers, physical addresses, and social media links to business data such as sales revenue, employee count, domain authority rankings, and platform usage.

In total, the hacker claims the database holds:

*   **998,000 phone numbers**

*   **4,432,120 individual records**

*   **1.3 million unique email addresses**

*   **Metadata on corporate websites, including technology stacks and payment solutions**.

****Top Organisations Listed in the Sample Data****

A 1,000-line sample shared by the hacker includes data from several notable websites, such as “nist.gov,” the official site of the National Institute of Standards and Technology (NIST), a U.S. Department of Commerce agency. Also listed is “texas.gov,” the official portal for the State of Texas.

In addition to government entities, the sample contains records linked to major organizations, including NVIDIA Corporation, the New York City Department of Education, the University of Oklahoma, and Oxford University Press, alongside data from other well-known institutions and private companies worldwide.

Each record includes detailed information typically found in well-arranged marketing databases, such as estimated revenue, number of SKUs (Stock Keeping units), marketing platforms in use (e.g., ActiveCampaign, HubSpot), hosting providers, and links to company social media.

Interestingly, several entries show references to WordPress CMS, with WooCommerce listed as the eCommerce plugin. Others highlight integrations with Salesforce, Pardot, and various payment platforms like PayPal and Stripe. This points to a data source larger than WooCommerce itself, possibly compiled through APIs or scraped from exposed CRM panels.

Sample data analysed by Hackread.com (Screenshot credit: Hackread.com)

****Data for Sale****

The hacker is currently offering the database for sale via direct messages or Telegram without listing a fixed price. According to their post, they are “taking offers only.”

This claim follows a growing pattern from the same actor, who recently alleged a breach involving **Magento** via a third party and previously took credit for the **Tracelo breach** affecting 1.4 million users. Just last week, Satanic also claimed to have **breached Twilio’s SendGrid**, though that incident was publicly denied by the company.

If the WooCommerce-related breach proves authentic, it would represent one of the largest known exposures involving WordPress-based commerce platforms this year. The combination of personal contact information, business intelligence, and technology stack profiling makes the dataset valuable for threat actors engaged in phishing, social engineering, or competitive intelligence scraping.

At the time of publishing, WooCommerce has not issued any public statement regarding the claim. While Hackread.com has reached out to the company, businesses relying on WooCommerce and connected CRM or marketing tools should consider reviewing their third-party integrations and checking for unusual data access patterns.

This story is developing.

Hacker Claims WooCommerce Data Breach, Selling 4m User Records

Attacks on a critical authentication bypass flaw in CrushFTP's file transfer product continue this week after duplicate CVEs sparked confusion.

CrushFTP Exploitation Continues Amid Disclosure Dispute

Cybersecurity and policy experts worry that if tariffs give way to a global recession, organizations will reduce their spending on cybersecurity.

Tariffs May Prompt Increase in Global Cyberattacks

The database company said its Oracle Cloud Infrastructure (OCI) was not involved in the breach. And at least one law firm seeking damages is already on the case.

Oracle Appears to Admit Breach of 2 'Obsolete' Servers

### Impact
_What kind of vulnerability is it? Who is impacted?_

**Description:** This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the service logs of these applications. Service logs are intended to be handled securely.

**Impact:** The vulnerability impacts service logs that meet the following criteria:

- **Logging Level:** Logs are generated at the information level.
- **Credential Descriptions:** containing:
    - Local file paths with passwords.
    - Base64 encoded values.
    - Client secret.
    
Additionally, logs of services using Base64 encoded certificates or certificate paths with password credential descriptions are also affected if the certificates are invalid or expired, regardless of the log level. Note that these credentials are not usable due to their invalid or expired status.

If your service logs are handled securely, you are not impacted. 

Otherwise, the following table shows when you can be impacted 
  | Log Level Information for Microsoft.Identity.Web | Invalid Certificate
-- | -- | --
One of the ClientCredentials credential description has a CredentialSource = Base64Encoded or (CredentialSource = Path) | Impacted | Impacted
One of the ClientCredentials credential description is a Client secret (CredentialSource = ClientSecret) | Impacted | Not impacted
Other credential descriptions | Not Impacted | Not Impacted

### Patches
_Has the problem been patched? What versions should users upgrade to?_
To mitigate this vulnerability, update to Microsoft.Identity.Web 3.8.2 or Microsoft.Identity.Abstractions 9.0.0.

### Workarounds
_Is there a way for users to fix or remediate the vulnerability without upgrading?_
You can work around the issue in the following ways: 

- Ensure that service logs are handled securely and access to logs is restricted

- Don’t use `LogLevel = Information` for the Microsoft.Identity.Web namespace 

### Recommendation for production environment
Avoid using `ClientCredentials` with [`CredentialDescriptions`](https://learn.microsoft.com/en-us/dotnet/api/microsoft.identity.abstractions.credentialdescription.base64encodedvalue?view=msal-model-dotnet-latest) which `CredentialSource` is `ClientSecret`, or `Base64Encoded`, or `Path`. Rather use certificate from KeyVault or a certificate store, or Federation identity credential with Managed identity.

### References
_Are there any links users can visit to find out more?_

**Impact**

_What kind of vulnerability is it? Who is impacted?_

**Description:** This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the service logs of these applications. Service logs are intended to be handled securely.

**Impact:** The vulnerability impacts service logs that meet the following criteria:

*   **Logging Level:** Logs are generated at the information level.
*   **Credential Descriptions:** containing:
    *   Local file paths with passwords.
    *   Base64 encoded values.
    *   Client secret.

Additionally, logs of services using Base64 encoded certificates or certificate paths with password credential descriptions are also affected if the certificates are invalid or expired, regardless of the log level. Note that these credentials are not usable due to their invalid or expired status.

If your service logs are handled securely, you are not impacted.

Otherwise, the following table shows when you can be impacted

 

Log Level Information for Microsoft.Identity.Web

Invalid Certificate

One of the ClientCredentials credential description has a CredentialSource = Base64Encoded or (CredentialSource = Path)

Impacted

Impacted

One of the ClientCredentials credential description is a Client secret (CredentialSource = ClientSecret)

Impacted

Not impacted

Other credential descriptions

Not Impacted

Not Impacted

**Patches**

_Has the problem been patched? What versions should users upgrade to?_  
To mitigate this vulnerability, update to Microsoft.Identity.Web 3.8.2 or Microsoft.Identity.Abstractions 9.0.0.

**Workarounds**

_Is there a way for users to fix or remediate the vulnerability without upgrading?_  
You can work around the issue in the following ways:

*   Ensure that service logs are handled securely and access to logs is restricted
    
*   Don’t use LogLevel = Information for the Microsoft.Identity.Web namespace
    

**Recommendation for production environment**

Avoid using ClientCredentials with CredentialDescriptions which CredentialSource is ClientSecret, or Base64Encoded, or Path. Rather use certificate from KeyVault or a certificate store, or Federation identity credential with Managed identity.

**References**

_Are there any links users can visit to find out more?_

**References**

*   GHSA-rpq8-q44m-2rpg
*   https://nvd.nist.gov/vuln/detail/CVE-2025-32016

GHSA-rpq8-q44m-2rpg: Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

The Israeli spyware maker, still on the US Commerce Department’s “blacklist,” has hired a new lobbying firm with direct ties to the Trump administration, a WIRED investigation has found.

Shortly after Donald Trump declared victory in November, NSO Group cofounder and majority owner Omri Lavie rushed to X to congratulate him, speaking of a “new chapter where the world goes back to common sense,” while accusing the outgoing Biden administration of being “weak.” In another tweet, he gushed in Hebrew that Republicans “won in every category: the presidency, Congress, Senate, and the popular vote.”

Lavie’s enthusiasm is understandable. His company—frequently associated with alleged human rights abuses, most recently in February when journalists in Serbia were targeted with its Pegasus spyware—had a significant stake in a Trump victory, with the hopes of regaining the ability to freely do business with US entities. In a comment to Amnesty International, NSO stated, in part, that its “commitment to maintain the highest standard of ethical conduct as well as confidentiality towards our customers is paramount and is consistent with industry norms and our legal obligations.”

The Israeli spyware vendor has been on the US Commerce Department’s “blacklist” for more than three years, meaning it cannot do business with US companies without specific government approval. NSO Group poured at least $1.8 million into an aggressive pre-election lobbying effort, focusing primarily on Republican senators and representatives, with some meetings occurring as often as eight times. Yet the company remains on the Entity List.

Now, with a new occupant in the White House, NSO Group appears to be shifting its political strategy.

The company seems to have either terminated or altered its engagement with several of its previous lobbying consultancies in Washington—some of which were closely aligned with the Democrats—and has started working with a key new lobbying partner: the Vogel Group.

Founded by Alex Vogel, who served as chief counsel to former Senate majority leader Bill Frist, the Vogel Group is providing NSO Group with “strategic advisory on cybersecurity policy matters,” according to lobbying disclosure documents filed on March 10.

The Vogel Group’s connection to the Trump administration includes areas of key interest to NSO Group. One of the Israeli spyware vendor’s new lobbyists, Jonathan Fahey, joined Vogel’s Washington, DC, office as a principal on January 29 and served in various roles during Trump's first term, including acting director and acting principal legal adviser at Immigration and Customs Enforcement, deputy assistant secretary at the Department of Homeland Security, and general counsel to the White House Office of National Drug Control Policy—all three relevant departments for a company selling surveillance technology.

Another Vogel Group staffer, Hayden Jewett, is listed in disclosure records as assigned to lobby on behalf of NSO group. Jewett served as a congressional staff liaison to President Trump’s 2016 inauguration, facilitating coordination between congressional offices and the inaugural committee.

Law firm Holtzman Vogel—of which Alex Vogel is a partner—was founded by his wife, Jill Holtzman Vogel, a former Virginia state senator, a former chief counsel of the Republican National Committee (RNC), and a current principal at the Vogel Group. The firm has reportedly worked for the National Republican Senatorial Committee and the National Republican Congressional Committee and received in 2024 over $9.3 million in reported payments, with significant political funding from Republican organizations.

Holtzman Vogel also represented former Metropolitan Police Department lieutenant Andrew Zabavsky, who was pardoned by Trump in January 2025 for his conviction for obstruction of justice related to the investigation into the death of 20-year-old Karon Hylton-Brown, a case that sparked protests ahead of the 2020 US election.

Bill McGinley, a principal at the Vogel Group and former assistant to the president and cabinet secretary during Trump’s first term, left the lobbying firm after Trump appointed him to White House counsel on November 12. He was then reassigned as counsel to the so-called Department of Government Efficiency (DOGE) on December 4, only to leave on January 23.

“Lobbyists and advisers who have passed through the revolving door, having worked in the previous Trump White House or for the campaign, as well as those who are big campaign donors have a unique ability to bend the ear of the new administration,” says Dan Auble, a senior researcher at the nonprofit OpenSecrets, which tracks US political spending. “That access is very valuable.”

NSO Group spokesperson Gil Lainer declined to comment on the scope of the contract with the Vogel Group when asked by WIRED. The Vogel Group did not respond to WIRED’s request for comment.

**Closing the Circle**

NSO Group’s recent lobbying efforts appear to have mainly focused on Republican lawmakers, more than executive branch power players, particularly as the Biden administration had been engaged in a crackdown on commercial spyware. The company previously worked with several lobbying contractors, with whom it appears to have either terminated or altered its registrations.

These include its registrations under Foreign Agents Registration Act (FARA) with Pillsbury Winthrop Shaw Pittman LLP and Chartwell Strategy Group, as well as registrations under the Lobbying Disclosure Act (LDA) with law firms Paul Hastings LLP and Steptoe LLP. Pillsbury previously engaged Chartwell Strategy Group to provide NSO Group with “strategic communications counsel.” Chartwell Strategy Group has now, for the first time, registered under the LDA as a lobbyist for NSO Group, while the only current active registration of NSO Group under FARA is with Paul Hastings LLP.

Lobbyists representing foreign commercial interests—if their work is not intended to benefit a foreign government or political party—can be exempt from FARA and instead register under the LDA, which has no requirement to report specific meetings and is, overall, far less transparent than FARA.

Much of the public knowledge about NSO Group’s lobbying efforts came from FARA filings. Since both the Vogel Group and Chartwell Strategy Group are now registered under the LDA, it will now be more difficult to monitor their lobbying efforts.

Examining NSO Group's past and present consultants reveals numerous individuals who, one way or another, have been associated with the Trump administration. These people are not all lobbyists, but they do have direct connections to Trump world. They include David Tamasi, managing director at Chartwell Strategy and DC chairman of Trump’s 2016 joint fundraising committee, who bundled more than $500,000 for Trump’s campaign and the RNC in 2020, and at least $15,000 in 2024. His firm, a key player in NSO Group’s lobbying, had been actively preparing clients for Trump’s return.

Other NSO-connected figures also have close Trump ties: Bryan Lanza, a partner at Mercury Public Affairs, which consulted for the company from 2020 to 2021, is a veteran Trump ally; Michael Flynn, Trump’s former national security adviser, was paid nearly $100,000 by NSO Group’s parent firms, according to the The Washington Post, and was recently appointed by Trump to a West Point advisory board; Jeff Miller, who raised millions for Trump, received $170,000 from an NSO-linked company and was spotted at Trump’s 2024 election night event at Mar-a-Lago; and Rod Rosenstein, Trump’s former deputy attorney general, represented NSO Group in a lawsuit and previously helped justify Trump’s firing of FBI director James Comey.

Pillsbury Winthrop Shaw Pittman LLP, Chartwell Strategy Group, Paul Hastings LLP, and Steptoe LLP did not reply to WIRED’s request for comment. Nor did Flynn, Miller, or Rosenstein. Tamasi did not respond in time for publication.

**What Counts as a Win**

As of early March—before Vogel Group’s registration as a lobbyist for NSO Group—there had been no indication that the Trump administration intended to remove the company from the Entity List, according to a source familiar with the administration’s moves regarding spyware, who asked not to be named in order to discuss confidential matters. However, recent comments by NSO Group’s Lavie soft-peddled the impact of the Entity List on the company’s ability to operate in the US.

“\[The Americans\], when they say ‘blacklist,’ it sounds much more dramatic to me than it actually is,” Lavie claimed during an interview in Hebrew on an Israeli podcast following Trump’s election. He added: “You can still do business in the United States; it is definitely not a barrier for us to sell in the US.”

“In practice, we are on the list of Commerce, and what this does for us from a regulatory perspective, it simply forces American companies—if we want to buy technology from them—to ask for permission to sell us the technology. That's all,” Lavie said.

​​Lobbying efforts can target different parts of the US government. By lobbying the executive branch (the president and agencies), lobbyists can influence how laws are enforced rather than what the laws say. In contrast, when lobbying Congress, the focus is on passing, blocking, or amending laws by influencing legislators.

For example, for a company to be removed from the Entity List, it must go through a lengthy administrative process that includes a review by an interagency committee composed of representatives from the departments of Commerce, State, and Defense, among others. Although Congress could theoretically influence this process, it is not directly involved.

During the presidential transition period, NSO Group mainly focused on Congress and reached out to at least 10 Republican senators, representatives, and their staff, before beginning its outreach with the incoming administration. On February 2, the company shared its annual transparency report with Trump’s new deputy national security adviser, Alex Wong.

The Vogel Group could play a key role in supporting NSO Group if it attempts to engage with the new executive branch, including the president’s executive office, the National Security Council, and the State, Justice, and Commerce Departments, among other relevant agencies. Such engagement might aim not only at addressing NSO Group’s placement on the Entity List, but also at challenging the spyware-related visa restrictions imposed by the previous administration. In addition, the firm could potentially assist in efforts to roll back Executive Order 14093, signed by President Joe Biden, which continues to restrict the US government’s use of commercial spyware.

Asked whether the Trump administration intends to uphold the EO, White House press secretary Karoline Leavitt declined to comment.

“Much is at stake if the US revokes Executive Order 14093, an order that sets standards on US acquisition of spyware, as access to the US market, and US purchasing power, are great tools in shaping the global scope and scale of the market for spyware,” says Jen Roberts, the Atlantic Council’s associate director of the Cyber Statecraft Initiative and coauthor of a recent major report on the commercial spyware industry. Roberts also highlighted the need to better regulate US outbound investment into such technologies.

**Watching for Signs**

During Trump's first term, the FBI secretly acquired the Pegasus spyware for limited testing in 2019 and seriously contemplated its operational deployment; while during the final months of the administration in 2020, the US initiated a deal that financed the purchase of the Israeli spyware for Colombian security forces, according to the Colombian ambassador to the US and reported by Drop Site News. (The deal was finalized in 2021, after Trump left office.) In an official statement, NSO Group confirmed its dealings with Colombia but denied claims that the software was purchased irregularly. The New York Times also reported that in 2018 the CIA had purchased Pegasus for the government of Djibouti to conduct counterterrorism operations, while the Secret Service held discussions with NSO Group the same year.

The access and influence NSO Group could attain through lobbying efforts by companies like the Vogel Group and Chartwell Strategy Group could lead to a more favorable political environment and, in turn, potentially increase business opportunities under a second Trump administration—something very hard for outsiders to measure, given the opaque nature of government procurement of surveillance technologies.

In the coming weeks and months, NSO Group’s interactions with US government officials, facilitated by its lobbying, will be critical in achieving such a favorable political environment. Caroline Glick, an adviser to Israeli prime minister Benjamin Netanyahu, has also been recently lobbying the Trump White House—among others—on the matter of “request\[ing\] to check for options for lifting sanctions on Israeli technology companies,” according to reports in the Israeli media.

Experts closely monitoring the commercial spyware industry are raising the alarm about the prospect of NSO Group regaining business under Trump—further exacerbated by new reports that the company has been simultaneously pushing its interests on the international stage through the so-called Pall Mall Process, a UK- and France-led initiative to regulate such technologies.

“NSO has become a toxic brand that is widely associated not just with human rights abuses but also with national security threats to US, UK, France, and other countries,” says Natalia Krapiva, senior tech-legal counsel at civil-liberties-focused nonprofit Access Now.

Lainer, the NSO Group spokesperson, tells WIRED that the company “complies with all laws and regulations and sells only to vetted intelligence and law enforcement agencies, which use these technologies daily to prevent crime and terror attacks.” Lainer adds that NSO “has initiated and implemented the industry’s leading compliance and human rights program, which protects against misuse by government entities and investigates all credible claims of misuse”

Ultimately, the current administration will have the final say on how the US regulates NSO Group.

Senator Ron Wyden of Oregon, who has actively worked to address concerns related to surveillance and spyware, tells WIRED that “the Biden Administration blacklisted NSO” because its tool was used to “maliciously targeting journalists, human rights workers, and even US government officials around the world on behalf of foreign dictators and making all Americans less safe.”

“If Donald Trump puts the NSO Group back in business,” Wyden adds, “he'll be directly responsible for opening up new threats to our national security and enabling atrocities by foreign dictators.”

Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America

Stay secure on the move. Protect your devices, data, and privacy with smart habits, reliable gear, updated software…

Stay secure on the move. Protect your devices, data, and privacy with smart habits, reliable gear, updated software and proper cybersecurity knowledge wherever you work.

Running a business today often means working from anywhere: airports, coffee shops, hotel rooms, or even the back of a van. But while mobility offers freedom and flexibility, it also introduces serious cybersecurity challenges.

Devices are exposed, networks are untrusted, and sensitive data becomes more vulnerable with every mile. To keep your business safe while on the move, you need a proactive strategy that protects both your physical and digital assets. Here’s how to stay one step ahead.

****Start with Reliable Hardware Protection****

The first layer of defense for mobile professionals is the hardware they carry. Laptops, tablets, and phones are high-value targets not just for their price tags but for the sensitive information they store.

Use devices that support biometric authentication, such as fingerprint or facial recognition, to ensure only you can access them. Enable full-disk encryption and make sure every device requires a strong password or passcode.

If you’re regularly working in places with limited access to outlets, carry a portable power station. This allows you to stay connected without relying on public charging ports, which can be vulnerable to juice jacking malicious attacks that install malware or steal data while you charge.

A good-quality laptop sleeve and an RFID-blocking backpack can also go a long way in protecting your physical gear from theft and unauthorized scanning.

****Secure Your Connection Every Time****

One of the biggest risks for mobile workers is using public Wi-Fi networks. These open connections are convenient but notoriously insecure, making it easy for hackers to intercept data.

Always use a virtual private network (VPN) when you connect to public Wi-Fi in a café, airport, or hotel. A VPN will encrypt your traffic, which makes it a lot harder for anyone to steal sensitive information. Stick to VPNs from reputable providers that don’t log your browsing activity.

Avoid accessing financial accounts or sharing sensitive business information over unsecured networks. When possible, tether your laptop to your phone’s mobile hotspot instead. It’s a more secure option and gives you greater control over your data connection.

****Keep Your Software and Systems Updated****

Outdated software is one of the easiest ways for attackers to exploit your system. Hackers often target known vulnerabilities in older versions of apps, operating systems, and browsers.

Always update your devices so security patches are applied as soon as they’re released. Make a habit of checking your antivirus, browser extensions, and firewalls to ensure they’re functioning properly and up to date.

Regularly back up your data to encrypted cloud storage or an external drive you keep with you. That way, if your device is lost, stolen, or compromised, your business-critical information isn’t gone forever.

****Be Mindful of Your Surroundings****

Not all security threats are digital. When working in public, physical awareness matters just as much as software protection.

Avoid displaying sensitive information on your screen when others are nearby. Use a privacy screen if you’re often working in busy locations like trains or lounges. Never leave your devices unattended, even for a quick coffee run.

If you’re taking business calls in public, be conscious of what you’re saying and who might be listening. Sensitive details should be saved for private, secure environments.

****Stay Alert, Stay Safe****

Security isn’t something you handle once and forget. It requires ongoing awareness, regular updates, and a willingness to adapt to new threats as they emerge.

Keep an eye on industry news, attend cybersecurity webinars, or follow trusted security blogs to stay informed. Knowing what’s out there can help you act fast when something feels off.

And always trust your instincts. If a network looks suspicious, if a message seems strange, or if your system behaves unexpectedly, don’t ignore it; act on it.

****Working Smart Means Working Secure****

Mobility is a major advantage for modern businesses, but it should never come at the cost of security. The tools, habits, and awareness you build now will protect your data, your team, and your reputation for years to come.

Your office might be wherever you are, but your security should be with you, too, every step of the way.

Top/Featured Image via Unsplash!

Latest News