Cybersecurity

First week of September: everything breached at once

Six major breaches in one week across the platforms most businesses consider foundational.

September 4, 2025 4 min read

The first week of September 2025 delivered six major breaches simultaneously across Google Workspace, WhatsApp (zero-click CVE-2025-55177), Azure AD (CVE-2025-55241 — Global Admin impersonation), Jaguar Land Rover (factories shut four weeks), and the Drift OAuth breach spreading to Proofpoint, Tenable, Tanium, and SpyCloud.

What connects these attacks

  • Supply chain and OAuth trust. The Drift breach cascaded through every company that trusted Drift's OAuth token.
  • Identity infrastructure as target. Compromise the identity layer, and you already belong.

What to do

  1. Revoke and rotate OAuth tokens. Audit every third-party integration.
  2. Patch Azure AD immediately. CVE-2025-55241 is a Global Admin impersonation vector.
  3. Update WhatsApp via MDM.
  4. Test your incident response plan.