
Google Uncovers a New Scam—and Becomes a Victim It Warned About

Google uncovered a new social engineering scam that targeted Salesforce users, and the same attackers later breached a Salesforce instance belonging to a major tech company. The disclosure follows an earlier warning from Google about a large, ongoing campaign aimed at compromising customer accounts through deception rather than exploiting software vulnerabilities. The double revelation highlights how opportunistic, financially motivated threat actors adapt their tactics to target trusted enterprise ecosystems, especially when those ecosystems connect with external tools and services. The incident also underscores the evolving threat landscape where attackers pivot from access gains to extortion and data leverage, leveraging widely used business platforms to reach a broad range of organizations.

The landscape of sophisticated social engineering: how the attack operated

The modern enterprise environment often relies on tightly integrated software ecosystems, where third-party connections enable seamless data exchange and automation. In this campaign, attackers exploited a well-known risk vector: social engineering combined with legitimate enterprise features that allow connections between Salesforce and external applications. The core tactic involved impersonating someone from the customer’s IT department and convincingly presenting a scenario that demanded immediate access to a Salesforce account. This is a classic example of the trusted-entity deception model, where the attacker leverages organizational authority and urgency to lower the guardrails that would normally protect sensitive systems.

Once the attacker has engaged a target employee, the goal is to persuade them to connect an external application to the organization’s Salesforce instance. Salesforce offers a feature that enables customers to link their accounts with third-party apps for data integration, analytics, blogging, mapping tools, and other business processes that extend Salesforce’s capabilities. In the campaign, the attackers contacted employees and instructed them to authorize an external application to integrate with the Salesforce environment. The employee’s compliance triggers a critical step: Salesforce prompts for an eight-digit security code as part of the connection workflow to confirm the user’s legitimacy and authorize the external integration.

With the code in hand, the attackers gain access to the Salesforce instance and, by extension, the data stored within. The breach is not achieved by exploiting a vulnerability in Salesforce software or the target’s internal systems in a direct sense. Instead, it hinges on social engineering that exploits trust in internal processes and the perceived legitimacy of the request. This approach is remarkably effective because it targets human factors—the behavioral and procedural aspects of security that are often the weakest link. The attackers’ method is simple in principle, but devastating in impact: they obtain legitimate access through a trusted channel by manipulating the user into disclosing or authorizing critical credentials or connections.

What makes the technique particularly worrying is the potential breadth of exposure. Once a Salesforce instance is connected to an external app, the attacker can maneuver within the data boundaries of that environment, accessing business names, contact details, and other information that may be publicly visible or readily discoverable through standard business directories. In the incidents observed, the data retrieved by the attackers was described as largely business-oriented information, including names and contact details, rather than highly sensitive personal data or critical financial records. Even so, the exposure of business identifiers and contact data can be leveraged for further social engineering, targeted phishing campaigns, or broad extortion strategies that capitalize on reputational risk and the operational disruption caused by a compromise.

The attackers’ operational tempo is not limited to a single breach. On the one hand, the campaign demonstrates that attackers can co-opt legitimate platform features to facilitate unauthorized access. On the other hand, it reveals a multi-stage operation in which different actor groups operate sequentially or in parallel to maximize the value of the compromised environment. The initial access obtained through an eight-digit code can serve as a doorway into the broader data stored in the Salesforce instance, including customer records, employee information, and operational metadata that could inform further intrusion steps or facilitate targeted fraud, depending on the data exposure. The overall technique emphasizes the enduring risk of misusing connected app configurations and legacy trust relationships that organizations often maintain for productivity and efficiency.

In sum, the campaign is a textbook case of how social engineering combined with legitimate platform capabilities can yield rapid access with relatively low technical complexity. It underscores the need for robust human-centered security controls, including verification of external app connections, rigorous approval workflows, and demands for additional layers of authentication. It also surfaces the importance of continuous monitoring for unusual patterns of app connections, unexpected authorization events, and changes in data access that could signal a compromised session or an active intrusion.

Google’s breach: a timeline, scope, and initial assessments

Google disclosed a breach in June that involved its Salesforce environment, but the company stated that it did not learn of the compromise until recently, with public disclosure following about two months after the intrusion was detected. This timeline underscores the often-delayed nature of breach recognition, which can occur as security teams correlate event data, determine the scope of access, and assess what data could have been retrieved during a narrow window before access was terminated. In this case, the attackers reportedly accessed a limited set of data during a brief window before the intrusion was cut off. The breach was described as resulting in the exfiltration of business information that Google characterized as largely public and non-sensitive in nature, including business names and contact details. The characterization of the compromised data as largely public information may influence risk perception and the urgency of remediation, but it does not diminish the security implications of credential and access abuse or the potential for follow-on targeted phishing and social engineering campaigns using the harvested data.

The initial attribution of the activity to a threat actor group known by certain designations, and later to a second group that has engaged in extortion, is common in modern incident analysis. The early attribution to a group identified as UNC6040 and the later observation of an additional actor group, UNC6042, illustrate how threat intelligence often evolves as investigators correlate behaviors, infrastructure usage, and patterns of activity across incidents. Researchers have associated UNC6042 with ShinyHunters in some contexts, linking the extortion-oriented operations to a broader brand of threat actors that pivot toward monetization through data leakage and publicizing stolen information. The emergence of extortion-related tactics suggests a shift from purely stealthy data access to aggressive monetization strategies, including threats of public data leaks, which can amplify reputational damage and customer risk for affected organizations.

Assessments by the security firms involved indicated that the threat actors may have used a procedural misalignment or misconfiguration related to Salesforce’s connected apps feature to gain access via compromised credentials and authorization codes. The attackers’ ability to move from initial access to broader data collection hinges on how well an organization governs its connected app ecosystem, monitors for unusual authorization activity, and restricts the scope of what third-party integrations can access. In Google’s case, the breach was likely discovered through internal security monitoring and analysis, with external disclosures following the confirmation of the incident and its potential implications for customers and partners. The two-month delay in disclosure may have been influenced by the need to assess the incident’s full scope, determine the extent of data exposure, and consider communications strategies for affected stakeholders.

From a defensive perspective, the Google incident reinforces several critical lessons: (1) the importance of rapid detection and containment of unauthorized connections to enterprise platforms; (2) the need for rigorous review and approval of external app integrations by administrators; (3) the potential value of implementing strict permission boundaries and least-privilege access for connected apps; and (4) the role of user education in recognizing social engineering attempts and urgent IT prompts that resemble legitimate security actions. Even when the exposed data is deemed non-sensitive, the incident can serve as a catalyst for extortion campaigns or targeted social engineering that leverages the fear of reputational harm and operational disruption.

The broader takeaway from Google’s breach is that large enterprises cannot rely solely on software patches to prevent compromise. Even when the underlying software is secure, the integration points—where human actions, trust, and automation intersect—represent fertile ground for attackers. A robust defense requires a layered approach that combines technical controls, policy governance, and ongoing security awareness training. The incident reminds organizations to examine their third-party connections, enforce strict authentication controls, and maintain a culture of security vigilance that transcends IT staff and security teams to include general employees who may interact with connected apps and external services.

Actors and tactics: UNC6040, UNC6042, and the ShinyHunters brand

The campaign is commonly described as a multi-actor operation in which an initial intruder set identifies targets and gains access through social engineering, followed by a separate extortion-focused group that monetizes the breach through a data leak strategy or other pressure campaigns. The early intruders—designated by the UNC6040 label—used deception to obtain an eight-digit access code by convincing employees to authorize an external application to connect with Salesforce. This approach capitalizes on the trust that employees place in legitimate IT guidance and the procedural steps that are part of normal platform integrations. The successful manipulation of this process demonstrates the persistent vulnerability of human-driven workflows and the need for rigorous verification at every stage of a connected-app authorization.

A second actor, designated as UNC6042, has been described as engaging in extortion activities, sometimes months after the initial intrusions attributed to UNC6040. This group is associated with the branding of ShinyHunters, an actor collective widely recognized in the cybercrime ecosystem for monetizing breaches through data leakage and public exposure. The combination of these two actor profiles illustrates how modern cybercriminal campaigns can involve separate yet coordinated components: one to gain access and establish a foothold, and another to monetize the access and data through coercive pressure, public disclosures, and potential financial demands. The public-facing branding used by extortion actors often signals a broader strategy to escalate the perceived severity of the breach, increase leverage over victims, and create a sense of urgency that can compel organizations to respond more quickly, potentially under less favorable terms.

From the defenders’ vantage point, the dual-actor dynamic presents distinct challenges. Detecting initial access via social engineering requires not only technical monitoring but also awareness training that helps employees recognize manipulation and confirm requests that appear to originate from trusted internal channels. The extortion phase, meanwhile, requires proactive data governance and incident response planning that includes communications readiness and a clear plan for handling reputational risk and customer concerns. If a data-leak site is contemplated or executed, organizations must be prepared to respond with timely disclosure, remediation activities, and security improvements to reduce the likelihood of recurrence. The evolving threat model suggested by these actor groups emphasizes the need for a holistic security strategy that integrates risk management, human factors, and rapid incident containment.

In addition to their known operational patterns, these actors may leverage publicly available attack playbooks, opportunistic targeting of popular platform features, and broad reconnaissance of potential victims with a view to later monetization. The emergence of ShinyHunters as a recognized extortion brand underlines how attacker ecosystems adapt to market pressures, seeking to maximize impact by combining legitimate credential misuse with coercive negotiation tactics. For organizations, the implication is clear: risk management must address both immediate access controls and the longer-term threat of extortion, including the possibility that attackers may attempt to monetize past breaches or sell data to other criminals. Comprehensive defense therefore requires continuous improvement to identity and access management, application governance, and incident response capabilities, alongside a steady focus on user education and the enforcement of strong authentication controls.

Affected organizations and the breadth of impact

Several high-profile brands across different sectors have reportedly fallen victim to the same phishing and social engineering approach, illustrating the broad reach of this campaign. Notable examples mentioned in contemporary reporting include prominent consumer goods and fashion brands, airlines, financial services organizations, and technology companies. The common thread across these victims is that their Salesforce environments contained connected apps or data integrations that attackers could manipulate by persuading employees to grant external access. The breadth of industry representation underscores that this is not a sector-specific issue; instead, it reflects a systemic risk inherent to how many organizations deploy and manage connected-app ecosystems within enterprise platforms.

The list of affected brands demonstrates that even well-protected organizations with mature security programs can be exposed when human factors intersect with trusted automation and external application integrations. In practice, this means that organizations must be vigilant not only about software vulnerabilities but also about governance around third-party connections, the configuration of connected apps, and the operational processes that enable rapid onboarding of new tools. The event also emphasizes that attackers do not need to exploit deep technical weaknesses to achieve meaningful access; they can achieve similar outcomes through social engineering that exploits routine business workflows and the trust employees place in official communications.

For stakeholders, the implication is twofold. First, many corporations may unknowingly operate Salesforce ecosystems that rely on external integrations with varying levels of security enforcement. Second, even when a data breach does not expose highly sensitive information, the mere presence of business-identifying data can be exploited for targeted phishing campaigns, credential stuffing, or social engineering aimed at broader access. The risk is not isolated to a single high-profile incident; rather, it reflects a broader pattern in which attackers pursue low-friction methods to gain footholds in large organizations and then escalate their ambitions through extortion or further data manipulation.

Policy implications emerge as well. Enterprises should consider reinforcing governance around connected apps, refining access controls to minimize the blast radius of any successful compromise, and investing in continuous monitoring that can detect unusual application authorizations or anomalous data access patterns. The incident also invites a renewed look at the risk calculus for third-party integrations and the need for stronger vendor and platform-wide controls that reduce the opportunities for social engineering to succeed. In short, the reach of this campaign demonstrates that even a globally distributed, security-conscious company can be exposed when operational processes and trusted interfaces meet human factors in high-stakes environments.

The Salesforce connected apps feature: how the attack leveraged a trusted capability

Salesforce’s ecosystem supports connecting external applications to the platform to enable data sharing, workflow automation, and cross-tool analytics. While such integrations deliver significant business value, they also introduce security considerations that require careful management. The attackers’ success hinged on persuading employees to authorize an external app to access Salesforce data, leveraging the platform’s own mechanisms that enable linked applications. In practice, this means that the social engineering campaign targeted the organizational capacity to approve and onboard third-party integrations, which—when exploited—could grant external tools permission to operate within Salesforce with access to the organization’s data and configurations.

The defensive takeaway centers on how connected-app governance should be structured and enforced. A robust security posture necessitates explicit administrative approval for any new connected app, with a documented justification, scope definition, and least-privilege access to only the data necessary for the external tool to perform its function. Enforcing strict two-factor authentication for critical actions, including the approval of app connections, reduces the likelihood that a compromised user can complete the authorization process. In addition, organizations should implement continuous monitoring for unusual app activity, including the creation of new connected-app connections, unexpected permission grants, or abnormal data query patterns that could signal data exfiltration attempts.

Security teams should also consider implementing segmentation and data access controls that limit what a connected app can see and manipulate. Establishing a risk-based approach to connections can help ensure that external integrations with more sensitive data reside behind higher levels of scrutiny. Regular audits of all connected apps, with clearance reviews and revocation of unused or stale integrations, can reduce the attack surface and thwart attempts to exploit legacy integrations that have not been actively monitored. In essence, the campaign underscores the necessity of operational governance around critical platform features and a culture of proactive security hygiene across the organization.

The broader principle is that enterprise systems rely on a balance between productivity and security. When attackers exploit a feature that is designed to streamline business processes, defenders must respond with equally strong governance and monitoring, ensuring quick detection of unauthorized app connections and rapid containment of any compromise. The incident suggests that organizations should treat connected apps with the same level of rigor as core data stores and authentication systems, because the compromise vector can be indirect but highly effective if misused through social engineering and trusted workflows.

Defensive strategies: best practices for Salesforce customers and other platforms

The confluence of social engineering and trusted platform features requires a multi-layered defense that integrates people, processes, and technology. The following best practices are central to reducing risk in Salesforce environments and similar enterprise platforms:

  • Enforce strong, phishing-resistant multi-factor authentication for all privileged actions, including the initiation and approval of connected-app integrations.
  • Implement least-privilege access controls for connected apps, limiting the scope of data and permissions granted to each external tool.
  • Establish a formal governance process for onboarding external applications, with explicit ownership, risk assessment, and approval workflows.
  • Regularly audit all connected apps to identify stale or orphaned integrations and revoke access where appropriate.
  • Monitor connected-app activity for anomalous behavior, including unusual frequency of approvals, unusual data access patterns, or connections from unfamiliar locations.
  • Deploy robust identity and access management (IAM) solutions that provide granular visibility into who can approve or manage connected apps and under what conditions.
  • Train employees to recognize social engineering attempts, emphasizing verification steps and the importance of escalating suspicious requests to IT or security teams.
  • Use anomaly detection and behavior analytics to identify suspicious login patterns, access attempts, or data exfiltration activities in near real time.
  • Segment data and implement data loss prevention (DLP) measures that restrict sensitive information from being accessible via untrusted integrations.
  • Establish incident response playbooks that include rapid containment steps, credential rotation, and a communications plan to manage stakeholder concerns.

These practices help ensure that even if an attacker can elicit user compliance for an external app connection, the overall risk is mitigated by layered controls and rapid response capabilities. The aim is to reduce the window of opportunity for exploitation and minimize potential data exposure, while maintaining the business agility that connected apps provide.
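The monitoring practices above (new connected-app authorizations, unexpected permission grants, abnormal data query patterns) are easier to reason about with concrete detection logic. The following is an added example, not code from the original article, from Google, or from Salesforce. It runs three checks over a constructed event stream: authorizations of apps missing from an approval allowlist, bulk query volume per user and app inside a sliding window, and the "authorize, then immediately export" sequence the article describes. The event schema, app names, users, thresholds, and row counts are all invented for the example and do not correspond to Salesforce's real Event Monitoring format.

```python
"""Detection logic for connected-app abuse over a constructed event stream.

The event schema is invented for this example (it is NOT Salesforce's
EventLogFile / Event Monitoring format): each record carries a timestamp,
an event type, the acting user, the connected app involved and, for query
events, the number of rows returned.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed allowlist of apps that went through the approval workflow.
APPROVED_APPS = {"HR Sync", "Finance Analytics Connector"}

# Constructed thresholds; a real deployment tunes these from baseline data.
BULK_ROW_THRESHOLD = 10_000          # rows per (user, app) inside the window
BULK_WINDOW = timedelta(minutes=30)
AUTHORIZE_TO_EXPORT_WINDOW = timedelta(hours=1)

# Constructed sample events (not from any real tenant).
SAMPLE_EVENTS = [
    {"ts": "2025-06-10T09:00:00", "type": "AppAuthorized", "user": "alice", "app": "HR Sync", "rows": 0},
    {"ts": "2025-06-10T09:30:00", "type": "BulkQuery", "user": "alice", "app": "HR Sync", "rows": 500},
    {"ts": "2025-06-10T14:02:00", "type": "AppAuthorized", "user": "bob", "app": "IT Helpdesk Loader", "rows": 0},
    {"ts": "2025-06-10T14:05:00", "type": "BulkQuery", "user": "bob", "app": "IT Helpdesk Loader", "rows": 8_000},
    {"ts": "2025-06-10T14:20:00", "type": "BulkQuery", "user": "bob", "app": "IT Helpdesk Loader", "rows": 7_000},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def unapproved_authorizations(events, approved=APPROVED_APPS):
    """Authorization events for apps that never went through the approval workflow."""
    return [e for e in events if e["type"] == "AppAuthorized" and e["app"] not in approved]


def bulk_export_alerts(events, threshold=BULK_ROW_THRESHOLD, window=BULK_WINDOW):
    """(user, app) pairs whose BulkQuery rows inside any sliding window exceed the threshold.

    Returns a dict mapping the pair to the largest windowed total observed."""
    by_pair = defaultdict(list)
    for e in sorted(events, key=_ts):
        if e["type"] == "BulkQuery":
            by_pair[(e["user"], e["app"])].append(e)
    alerts = {}
    for pair, queries in by_pair.items():
        start = 0
        for end, q in enumerate(queries):
            # Slide the window start forward until it fits inside `window`.
            while _ts(q) - _ts(queries[start]) > window:
                start += 1
            total = sum(x["rows"] for x in queries[start:end + 1])
            if total > threshold:
                alerts[pair] = max(total, alerts.get(pair, 0))
    return alerts


def authorize_then_export(events, within=AUTHORIZE_TO_EXPORT_WINDOW):
    """(user, app) pairs where an authorization was followed by a bulk query within `within`.

    A legitimate new integration also does a first sync, so this is noisy on
    its own; triage() combines it with the allowlist to rank severity."""
    hits = []
    for a in (e for e in events if e["type"] == "AppAuthorized"):
        for q in events:
            if (q["type"] == "BulkQuery" and q["app"] == a["app"]
                    and timedelta(0) <= _ts(q) - _ts(a) <= within):
                hits.append((a["user"], a["app"]))
                break
    return hits


def triage(events):
    """Combine the checks into one summary; unapproved + immediate export is ranked high."""
    unapproved = sorted({e["app"] for e in unapproved_authorizations(events)})
    quick = authorize_then_export(events)
    return {
        "unapproved_apps": unapproved,
        "bulk_exports": bulk_export_alerts(events),
        "authorize_then_export": quick,
        "high_severity": sorted({app for _, app in quick if app in unapproved}),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {hits}")
```

In the constructed data the approved HR Sync app trips the authorize-then-export check (its first sync) but nothing else, while the unapproved loader trips all three, which is why the summary ranks only the latter as high severity. The same structure applies to whatever authorization and API-usage telemetry a given tenant actually exports; only the field names and thresholds change.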

Incident response and remediation: how organizations should react

When a breach of this nature occurs, a structured incident response approach is essential to minimize damage and restore normal operations. For Salesforce customers and similar environments, the following steps form a practical blueprint:

  • Immediate containment: Disable suspicious connected apps and revoke any new, unverified authorizations. Temporarily suspend affected user accounts if necessary to prevent further unauthorized access.
  • Access review: Conduct a thorough inventory of all connected apps, the permissions each app holds, and the data accessible through those integrations. Identify any unusual or unauthorized changes to connected app configurations.
  • Data classification and minimization: Determine what data could have been exposed and classify it by sensitivity. Focus remediation efforts on the most sensitive data categories while balancing operational needs.
  • Credential management: Rotate credentials used in compromised sessions or connected-app configurations. Enforce stronger authentication for all privileged accounts involved in the incident.
  • Forensic analysis: Collect and preserve logs from Salesforce, identity providers, endpoint devices, and network infrastructure to understand the attack path and scope. Correlate events to identify the sequence of actions taken by threat actors.
  • Remediation and hardening: Patch and update systems, tighten access controls, review security policies, and implement new controls that address discovered weaknesses in connected-app governance.
  • Notification and communications: If data exposure affects customers or partners, prepare and execute a transparent communication plan that provides relevant details, mitigation steps, and a roadmap for preventing recurrence.
  • Post-incident review: Conduct a lessons-learned exercise to identify gaps, update incident response plans, and implement improvements across people, processes, and technology.
  • Ongoing monitoring: After containment, maintain heightened monitoring for signs of repeated access attempts, data anomalies, or new extortion campaigns that may target the same organization or sector.

This structured approach emphasizes not only restoring operations but also shrinking the attacker’s window of opportunity and enhancing the resilience of the organization against future social engineering-driven intrusions.
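The "immediate containment" and "access review" steps above, together with the earlier advice to audit connected apps for stale or orphaned integrations and excess permissions, can be expressed as a repeatable audit. The following is an added example, not code from the original article or any vendor: it walks a constructed inventory of connected apps, records findings per app (unapproved, orphaned owner, stale, scopes beyond a least-privilege baseline, authorized inside the incident window), and maps those findings to a recommended action. The inventory fields, scope names, users, dates, and policy values are all invented for the example and are not a Salesforce API object.

```python
"""Connected-app inventory audit supporting containment and access review.

All data and policy values are constructed for this example; the field
names are invented and do not correspond to any Salesforce API object.
"""
from datetime import date, timedelta

# Constructed least-privilege baseline: scopes an app may hold without extra review.
BASELINE_SCOPES = {"read_accounts", "read_contacts"}
STALE_AFTER = timedelta(days=90)

# Constructed inventory for a single tenant.
INVENTORY = [
    {"name": "HR Sync", "owner": "alice", "scopes": {"read_contacts"}, "approved": True,
     "authorized_on": date(2024, 11, 3), "last_used": date(2025, 6, 9)},
    {"name": "Legacy Marketing Tool", "owner": "carol", "scopes": {"full_access"}, "approved": True,
     "authorized_on": date(2022, 2, 1), "last_used": date(2024, 12, 15)},
    {"name": "IT Helpdesk Loader", "owner": "bob", "scopes": {"api_all_objects", "read_contacts"},
     "approved": False, "authorized_on": date(2025, 6, 10), "last_used": date(2025, 6, 10)},
]
ACTIVE_USERS = {"alice", "bob"}   # constructed: carol has left the organisation


def audit(inventory, today, incident_start=None, active_users=ACTIVE_USERS):
    """Return {app_name: [findings]} for every app with at least one finding."""
    report = {}
    for app in inventory:
        findings = []
        if not app["approved"]:
            findings.append("not in approval record")
        if app["owner"] not in active_users:
            findings.append("orphaned: owner not an active user")
        if today - app["last_used"] > STALE_AFTER:
            findings.append("stale: unused for more than 90 days")
        excess = app["scopes"] - BASELINE_SCOPES
        if excess:
            findings.append("over-privileged scopes: " + ", ".join(sorted(excess)))
        if incident_start and app["authorized_on"] >= incident_start and not app["approved"]:
            findings.append("authorized during incident window without approval")
        if findings:
            report[app["name"]] = findings
    return report


def recommended_action(findings):
    """Map findings to the containment step the article's blueprint calls for."""
    if any(f.startswith(("authorized during incident", "not in approval")) for f in findings):
        return "revoke"                       # unverified authorization: cut access now
    if any(f.startswith(("orphaned", "stale")) for f in findings):
        return "disable pending owner confirmation"
    return "review scopes"                    # approved and in use, but over-privileged


def plan(inventory, today, incident_start=None):
    """Return {app_name: action} for every app needing attention."""
    return {name: recommended_action(f)
            for name, f in audit(inventory, today, incident_start).items()}


if __name__ == "__main__":
    report = audit(INVENTORY, date(2025, 6, 12), incident_start=date(2025, 6, 10))
    for name, findings in report.items():
        print(f"{name}: {recommended_action(findings)}")
        for f in findings:
            print(f"  - {f}")
```

The ordering in recommended_action is deliberate: anything authorized without approval, especially inside the incident window, is revoked before any review, while stale or orphaned approved apps are disabled rather than deleted so a legitimate owner can still reclaim them. Running the audit on a schedule, not only during an incident, is what keeps legacy integrations from accumulating unnoticed.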

The extortion dimension: data leaks and pressure campaigns

A notable dimension of this incident is the extortion strategy emerging alongside the breach. A second actor group, associated with the ShinyHunters brand, has been identified as engaging in extortion activities—often following intrusions by the initial access group. The use of a data leak site (DLS) or related intimidation tactics is indicative of a broader trend in cybercrime where perpetrators monetize breaches not only by exfiltrating data but also by creating leverage through public exposure. The implication for victims is clear: even if the immediate data exfiltration is limited or non-sensitive, the threat of public release or perceived reputational damage can be a powerful incentive to comply with demands or to accelerate remediation efforts.

The potential escalation tactics outlined by researchers—where extortion actors indicate readiness to deploy new coercive mechanisms or release additional datasets—point to a future threat landscape in which breaches are followed by sustained pressure campaigns. These campaigns may target financial considerations, legal exposure, customer trust, and brand reputation. Organizations must factor the possibility of extortion-driven risk into their response plans, including legal counsel involvement, crisis communications strategies, and proactive engagement with customers and partners to mitigate damage.

This extortion dimension also reinforces the importance of proactive data governance and breach preparedness. When attackers can threaten to disclose information with reputational implications, the cost of non-compliance or delayed remediation rises significantly. As a result, security programs should incorporate proactive threat modeling that accounts for potential data exposure scenarios and the financial and operational costs of public disclosure. Organizations should also consider cyber insurance implications, including coverage for extortion-related losses and data breach response, while ensuring they maintain robust incident response testing and tabletop exercises to refine their readiness for such scenarios.

Lessons for Salesforce customers and broader security implications

The convergence of social engineering, connected-app governance, and extortion underscores a fundamental lesson for organizations: technical security is necessary but not sufficient. The human factor remains a critical vulnerability, and platform-native capabilities that streamline collaboration must be paired with rigorous governance and proactive monitoring. Salesforce customers, along with users of other enterprise platforms with similar integration features, should reassess their risk posture in light of this campaign and adopt a comprehensive set of controls designed to mitigate social engineering risk and minimize exposure if a breach occurs.

Key takeaways for Salesforce customers include:

  • Reevaluate the risk posture of all connected apps, eliminating or restricting those with broad data access unless absolutely necessary.
  • Enforce tighter approval workflows for new integrations, with explicit senior-level sign-off and documentation of the business need.
  • Strengthen authentication for critical actions, including the process of connecting external apps, and deploy phishing-resistant MFA across the environment.
  • Regularly audit, test, and refine incident response plans, with exercises focused on connected-app compromise scenarios.
  • Invest in security awareness training that emphasizes the common social-engineering tactics used to authorize external integrations and encourages verification of IT department requests through independent channels.
  • Implement data governance and monitoring strategies that allow for rapid detection of unusual access patterns, anomalous data transfers, and suspicious app behavior.
  • Maintain a clear communications plan for incident response, including internal and external stakeholders, to ensure timely, accurate, and coordinated updates.

For the broader security community, the incident reinforces the value of cross-platform collaboration, threat intelligence sharing, and standardized best practices for connected-app governance. It highlights the need for platform providers to continuously improve security controls around app integrations, including stronger default protections, improved visibility into app authorizations, and proactive alerting on anomalies that could indicate social engineering or credential abuse. The campaign serves as a reminder that attackers will continue to adapt, and organizations must invest in comprehensive, end-to-end security strategies that integrate human factors with technical defenses.

Industry-wide reflections and forward-looking insights

The Google disclosure, in conjunction with the broader campaign patterns, points to several important industry-wide considerations. First, organizations should acknowledge that even the most high-profile, security-conscious companies are vulnerable to social-engineering-driven breaches when trusted processes and external app integrations are involved. This reality elevates the importance of governance around connected apps, the enforcement of least-privilege data access, and continuous monitoring of authorization events across the enterprise. The incident demonstrates that threat actors are motivated by financial gain, and their tactics adapt rapidly as new opportunities emerge in the enterprise software ecosystem.

Second, the continued risk associated with extortion campaigns means that organizations cannot assume that the mere act of limiting access or applying basic security controls will necessarily prevent monetary or reputational damage. Prepared defense-in-depth strategies should anticipate the possibility that attackers will attempt to monetize intrusions through data leakage or coercive actions. This requires robust incident response, communications readiness, and pre-negotiation planning to mitigate potential costs and to maintain trust with customers and partners during and after a breach.

Third, the evolving threat landscape suggests that cross-organizational collaboration—between platform providers, security researchers, enterprise security teams, and incident response communities—will be increasingly crucial. Shared threat intelligence about attacker techniques, infrastructure components, and behavioral patterns can accelerate detection, improve defensive measures, and reduce the impact of social engineering-driven intrusions. The industry must continue to invest in education, training, and tooling to enable security teams to identify and respond to such campaigns quickly and effectively.

Finally, organizations should consider revisiting their vendor risk management practices, particularly for SaaS and cloud-based platforms that host sensitive business data. Third-party risk assessments should incorporate the potential for social engineering to compromise connected-app ecosystems, with expectations for security controls, incident reporting, and breach notification that align with evolving threat models. The incident serves as a call to action for a more proactive and coordinated approach to securing enterprise platforms and the human processes that enable them.

Conclusion

The latest revelations about Google’s Salesforce breach, and the broader pattern of social engineering used to penetrate enterprise ecosystems, illustrate a troubling yet addressable reality: attackers are increasingly leveraging trusted workflows and platform features to gain access, extend their reach, and monetize breaches through extortion. The recognition that connected apps can be exploited via convincingly framed IT prompts emphasizes the need for rigorous governance, heightened human-focused training, and robust technical controls across enterprise platforms. The incident also confirms that even a minor data exposure, such as business names and contact details, can become a strategic lever for attackers seeking to pressure victims and magnify the consequences of a breach.

Organizations must act decisively to audit and harden their connected-app ecosystems, implement strong authentication for critical actions, and maintain ongoing vigilance through monitoring and threat detection. The lessons from this campaign extend beyond Salesforce to any system that integrates external tools, including major cloud platforms and enterprise software suites. By combining governance, people, and technology, organizations can reduce the likelihood of a successful social engineering attack and enhance their readiness to respond effectively if intrusion occurs.

In a landscape where threat actors continually adapt, the emphasis on secure, well-governed integrations, comprehensive employee education, and rapid incident response will be central to maintaining resilient operations. The industry’s shared responsibility is clear: protect the interfaces that allow powerful tools to work together, and ensure that human decision-making does not become the path of least resistance for attackers. As organizations strengthen these defenses and learn from each new incident, they will be better positioned to safeguard data, preserve trust, and sustain business momentum in the face of evolving cyber threats.