Security Affairs

Human resources firm Workday disclosed a data breach

Human resources firm Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering.

Workday is a cloud-based software company that specializes in enterprise applications for human capital management (HCM), financial management, and planning. 

The company provides services to over 11,000 organizations, including over 60% of Fortune 500 firms.

The HR firm has disclosed a data breach after threat actors compromised a third-party customer relationship management (CRM) platform in a recent social engineering attack.

Attackers pose as HR or IT via text or phone to trick employees into revealing account credentials or personal data.

“We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform,” reads the statement published by the HR giant. “There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.”

The compromised data was primarily commonly available business contact information, including names, email addresses, and phone numbers. The company warns that the exposed data may be used by attackers to further their social engineering scams.

“It’s important to remember that Workday will never contact anyone by phone to request a password or any other secure details. All official communications from Workday come through our trusted support channels,” concludes the statement.

BleepingComputer reported that, according to a data breach notification sent to impacted customers, Workday discovered the breach on August 6.

It is unclear if the breach is linked to a ShinyHunters campaign targeting Salesforce CRM via social engineering and voice phishing. Attackers trick employees into authorizing malicious OAuth apps, enabling database theft later used for extortion. Victims include Adidas, Qantas, Allianz, and Google. The group, tied to major past breaches, began this campaign earlier in 2025.

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)