Welcome to the Triad Situation Report, your trusted source for the latest cybersecurity and compliance news. In this edition, we bring you crucial updates on emerging cyber threats, including data breaches, phishing schemes, and sophisticated malware campaigns. Stay informed and take proactive steps to protect your business from evolving cyber risks.
TransUnion Data Breach Affects Over 4.4 Million People
Credit reporting giant TransUnion disclosed a breach in its third-party Salesforce system that exposed personal data—though not credit scores—of more than 4.4 million US consumers. The compromised data may include support tickets and messages. TransUnion has engaged law enforcement and forensic experts and is offering affected individuals credit monitoring services.
Salt Typhoon APT Continues Global Espionage Campaign
The China-affiliated APT group known as Salt Typhoon has exploited vulnerabilities in router and edge devices from Cisco, Ivanti, and Palo Alto to breach approximately 600 organizations across 80 countries, beginning as early as 2019. Targeted sectors include telecom, government, transportation, lodging, and military infrastructure.
First AI-Powered Ransomware ‘PromptLock’ Emerges
Security researchers at ESET discovered PromptLock—the first known AI-driven ransomware. This proof-of-concept malware uses OpenAI’s GPT‑OSS:20B model via the Ollama API to dynamically generate Lua scripts for file enumeration, data theft, and encryption across Windows, Linux, and macOS systems.
Phishing Evolution: Modern Threat Tactics
Push Security’s resource on the evolution of phishing highlights how attackers are leveraging advanced techniques to evade detection and trick users—such as sophisticated lures, social engineering subtleties, and browser-based evasion strategies.
FBI Confirms Salt Typhoon Hacked at Least 200 U.S. Companies
The FBI’s top cyber official confirmed that a Chinese-backed hacking campaign, known as Salt Typhoon, has breached at least 200 American companies—expanding beyond telecommunications into a broader national-scale espionage effort. The hackers gained unauthorized access to sensitive systems and call records belonging to U.S. officials, prompting agencies to advise the use of encrypted messaging. The FBI and international partners issued a technical advisory on identifying Salt Typhoon intrusions.
How Triad InfoSec Can Assist Your Business:
Navigating the complexities of cybersecurity compliance can be challenging. Triad InfoSec is dedicated to helping businesses prepare for CMMC audits, ensuring compliance, and optimizing cybersecurity strategies. Our services include:
- CMMC Audit Preparation: Guiding your organization through the necessary steps to achieve CMMC certification.
- MSP Partnerships: Collaborating with Managed Service Providers to ensure your business remains compliant while reducing cyber insurance premiums.
- Comprehensive Cybersecurity Solutions: Offering a range of services tailored to meet all your cybersecurity needs.
Partner with Triad InfoSec to secure your business’s future
