Daily CISO Briefing Note | December 1, 2025

CybersecurityHQ | CISO Cyber Briefing Note

Welcome reader, here’s today’s Cyber Briefing Note.


Summary
The past 48 hours included disclosures involving Salesforce integrations through Gainsight, a large customer data exposure at Coupang, an industrial control advisory affecting ScadaBR and OpenPLC deployments, and new research on the Albiriox mobile fraud ecosystem. These signals came from unrelated sectors but appeared within the same reporting window through shared service providers and common technology layers.

Theme 1: OAuth token access through Gainsight integrations into Salesforce environments
Security vendor research described the use of OAuth tokens issued by Gainsight applications to access Salesforce customer environments across more than 200 organizations. The activity involved financial and technology firms that rely on Gainsight for analytics functions connected to CRM pipelines. The events centered on privileges managed by third-party integrations rather than Salesforce core services. Executive relevance sits in the presence of operational data inside external application layers that interact with enterprise SaaS tenants through standard authorization scopes.

Theme 2: Customer data exposure disclosed by Coupang in South Korea
A company disclosure confirmed unauthorized access impacting approximately 34 million customer accounts, including identifiers associated with retail and delivery operations. The disclosure came through a national regulatory filing and involved information stored within a single commercial ecosystem that supports logistics, marketplace transactions, and fulfillment services. Executive relevance sits in the concentration of personal data within commercial platforms that operate across retail, supply chain, and customer engagement functions under multiple regulatory oversight contexts.

Theme 3: ScadaBR added to CISA Known Exploited Vulnerabilities catalog
A CISA advisory listed CVE-2024-47961 affecting ScadaBR, often deployed alongside OpenPLC components, following confirmation of active exploitation. These systems appear in manufacturing, utilities, and automation environments supported by open-source and commercial maintenance models. The advisory did not specify targeted industries but identified control-layer technologies present in multiple operational settings. Executive relevance sits in the coexistence of industrial automation tools maintained by diverse supplier communities and internal engineering groups within broader enterprise infrastructures.

Theme 4: Mobile-directed financial fraud activity linked to Albiriox ecosystem
Security vendor research on the Albiriox Android malware described remote interaction with infected devices and targeted activity against banking, fintech, and cryptocurrency applications. Evidence included on-device transaction manipulation and session control features. The environment involved personal mobile devices, public connectivity, and financial applications operating outside enterprise perimeters. Executive relevance sits in financial activity occurring on user-owned platforms that function outside enterprise-managed networks and authentication systems.

Synthesis
Multiple unrelated sectors appeared within the same reporting window through shared service providers, common technology layers, and overlapping data locations rather than shared threat characteristics.

Author
Daniel Michan is the founder of CybersecurityHQ, a CISO-grade intelligence platform read weekly across the Fortune 100. He analyzes identity-centric risk, machine identity failures, SaaS integration breakdowns, and emerging AI-speed threats, producing executive briefings and deep-dive research used by enterprise security leaders for decision support.
