
Wheels left spinning after cyber incident.
A cyberattack disrupts Bridgestone’s manufacturing operations. CISA warns of critical vulnerabilities in products used across multiple sectors. Additional cybersecurity firms confirm data exposure in the recent Salesforce–Salesloft Drift attack. A configuration vulnerability in Sitecore products leads to remote code execution. HHS promises stricter enforcement of healthcare information access rules. Texas sues an education software provider over a December 2024 data breach. A federal jury orders Google to pay $425 million over improperly collected user data. Nations unite for global guidance on SBOMs. On our Industry Voices segment, we are joined by Aron Anderson, Enterprise Security Manager of Adobe, on embracing the journey to zero trust. Chess.com gets caught in a tricky gambit.
Today is Friday, September 5th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
A cyberattack disrupts Bridgestone’s manufacturing operations.
Bridgestone Americas, the North American arm of tire giant Bridgestone, is investigating a cyberattack that disrupted some manufacturing operations. The incident, reported on September 2, 2025, initially impacted two facilities in South Carolina and later one in Joliette, Quebec. Bridgestone says its rapid response contained the attack early, preventing customer data theft or deeper network compromise. While forensic analysis continues, the company stressed that business continuity and customer obligations remain top priorities. Staff are working to minimize supply chain impacts, though product shortages are possible. Bridgestone has not confirmed whether ransomware was involved, and no group has claimed responsibility. The company previously suffered a LockBit ransomware attack in 2022, raising questions about potential repeat targeting.
CISA warns of critical vulnerabilities in products used across multiple sectors.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued five new ICS advisories warning of critical vulnerabilities in products used across energy, manufacturing, transportation, and healthcare sectors. Affected systems include Honeywell’s OneWireless WDM and Experion PKS, Mitsubishi Electric’s Iconics Digital Solutions, Delta Electronics’ COMMGR, and the End-of-Train/Head-of-Train rail protocol.
CISA highlighted flaws ranging from memory buffer overflows and integer underflows to weak encryption and symbolic link exploitation. Many issues could enable remote code execution, denial of service, or data exposure. Notably, Honeywell and Mitsubishi vulnerabilities carry high CVSS scores, while Delta’s COMMGR flaw scored 9.8 under CVSS v3.1. Rail vulnerabilities could let attackers spoof brake-control signals.
Vendors are releasing patches, but CISA urges immediate mitigations such as strict access controls, network segmentation, and patching to reduce exploitation risk.
Additional cybersecurity firms confirm data exposure in the recent Salesforce–Salesloft Drift attack.
Cybersecurity firms Proofpoint, SpyCloud, Tanium, and Tenable confirmed data exposure in the recent Salesforce–Salesloft Drift attack, part of a campaign disclosed on August 26 by Google. Threat group UNC6395 exploited OAuth tokens in the Drift integration to steal sensitive Salesforce data from over 700 organizations. Exposed information included AWS keys, emails, phone numbers, and CRM details. While the firms stressed that customer-protected data and internal systems were not compromised, they rotated credentials, removed Drift, and secured systems to prevent further impact.
A configuration vulnerability in Sitecore products leads to remote code execution.
Attackers are exploiting a configuration vulnerability in Sitecore products to achieve remote code execution (RCE) and deploy malware. The flaw, tracked as CVE-2025-53690, affects all versions of Sitecore XM, XP, XC, and Managed Cloud if deployed in multi-instance mode with customer-managed static machine keys. Systems using sample keys from old Sitecore documentation are most at risk. Criminals have used these exposed keys to push malicious ViewState payloads, enabling deployment of WEEPSTEEL malware for system and user data collection. Mandiant reported disrupting one such attack before full impact was known but observed privilege escalation, credential theft, and lateral movement attempts. Sitecore urges customers to rotate keys immediately. The U.S. Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalog.
HHS promises stricter enforcement of healthcare information access rules.
The U.S. Department of Health and Human Services (HHS) announced stricter enforcement of the 21st Century Cures Act’s information blocking rules, which prohibit practices that interfere with access, exchange, or use of electronic health information (EHI). Violations can carry fines up to $1 million for health IT vendors and information exchanges, while providers risk financial penalties from Medicare and Medicaid. HHS says patients must have free, timely electronic access to their records, including through apps of choice. Exceptions exist for privacy and security concerns, but providers delaying or limiting access may face enforcement. The Office of Inspector General is investigating cases, and experts expect HHS to focus on vendors imposing unreasonable data restrictions and providers failing to provide timely access.
Texas sues an education software provider over a December 2024 data breach.
Texas Attorney General Ken Paxton has sued education software provider PowerSchool over a December 2024 data breach that exposed the personal information of 62 million students, including 880,000 Texans. The breach, caused by stolen subcontractor credentials, led to the theft of names, Social Security numbers, contact details, and medical data. Attackers demanded $2.85 million in Bitcoin; PowerSchool later confirmed paying ransom. Though the company claimed stolen data was erased, schools were later re-extorted. A 19-year-old student, Matthew D. Lane, has since pleaded guilty to orchestrating the attack. Paxton alleges PowerSchool violated Texas consumer protection and identity theft laws by failing to secure sensitive data. CrowdStrike investigations also revealed earlier breaches in 2024. Paxton vowed to hold PowerSchool accountable for putting families at risk.
A federal jury orders Google to pay $425 million over improperly collected user data.
A federal jury ordered Google to pay $425 million to plaintiffs who claimed the company collected user data even after they disabled app activity tracking. The class-action suit, representing 98 million users, alleged Google violated its own privacy policy over an eight-year period. The jury did not find malice or award punitive damages, but ruled Google’s actions invaded privacy. Privacy advocates hailed the verdict as a rare and significant win, while Google plans to appeal, arguing its privacy tools already honor user choices.
Nations unite for global guidance on SBOMs.
Cybersecurity and intelligence agencies from 15 countries have jointly released guidance promoting Software Bills of Materials (SBOMs) as a key tool for securing the global software supply chain. Published September 3, the document, A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity, defines SBOMs, explains their value, and outlines roles for producers, users, and operators. It encourages broad adoption, harmonized implementations, and integration into security workflows. Signatories include CISA, NSA, and agencies from Europe, Asia, and beyond. Officials stressed that modern software’s complexity makes transparency essential, while experts warned that divergent approaches could hinder progress. Observers see the agreement as a milestone, but note the next challenge is aligning legislation across nations to avoid fragmented requirements and costs.
Chess.com gets caught in a tricky gambit.
Looks like Chess.com just got caught in a tricky gambit. The online chess giant admitted that 4,541 players had their data swiped during a June breach involving a compromised file transfer tool. That’s less than 0.003% of its 100 million users—a small pawn sacrifice, but still a blunder. The attack ran from June 5 to June 18 before being checkmated on June 19, when federal authorities were alerted. No banking details, usernames, or passwords were taken, so accounts remain in stalemate-safe condition. Chess.com insists its code wasn’t compromised, though it declined to reveal which tool was the weak square on its board. Hackers remain anonymous, and no exposed data has surfaced online. For now, players can keep their kings safe—and their rooks on the file.
Graham Cluley, call your office…
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.

