CYBERSECURITY An adversary who steals your ChatGPT conversations might see a lot more than your recent query asking “how do you dance at a party”—they might also figure out your organization’s intellectual property and strategy. IBM, in its annual X-Force Threat Intelligence Index, reported that infostealers snatched 300,000 ChatGPT credentials last year. The finding suggests that AI is providing a new spin on a common cybersecurity threat, business email compromise, as adversaries target chatbots rich with potential IP, search histories, and strategy docs. “Instead of a business email compromise, you have a threat actor hiding in the AI prompting. So, they can really just sit, and watch, and discover what you’re trying to develop,” Ryan Anschutz, North America leader for IBM’s X-Force incident response team, told IT Brew. What’s in it for the adversary?—BH | | |
|
|
Presented By ThreatLocker Ever had a brother or sister steal your diary from your room and read everything in it? Well, your trusted apps are a lot like that diary: friendly and useful, yet terrifying when compromised. ThreatLocker Ringfencing builds a moat around apps. Word can open docs, but it can’t recruit PowerShell for mischief. Think of Ringfencing as parental control for apps—strict, nuanced, and slightly disappointed. Baseline policies snap on for Office, Zoom, and more. Even approved apps inherit user powers, so a compromise can mean data theft, encryption, or surprise network parties with malicious IPs. Ringfencing lets you limit files, registry keys, network hosts, and inter-app calls with surgical rules. Want Word to read docs but never launch another app? Done, and reversible. Result: fewer attack vectors, tighter controls, and fewer post-breach “how did this happen?” conversations. See Ringfencing in action. |
|
SOFTWARE An employee can undo most mistakes with ctrl + z (or command + z if you’re on a Mac). But when an AI agent makes a mistake like deleting an entire database, how do you roll that back? In a string of posts on X in July 2025, Jason Lemkin, founder of entrepreneur-community company SaaStr, shared how Replit’s vibe-coding tool, by its own admission, “made a catastrophic error in judgment” and deleted a database without permission. That mistake was ultimately reversed thanks to code “checkpoints,” Replit spokesperson Patrick Purvis shared with us at the time, but it raised interesting questions over the permanence of agentic decisions, as well as the rollback mechanisms available for AI users. “Treat your agents like interns,” CJ Combs, senior AI consultant at consultancy Columbus, advised. “If you’re going to give them destructive commands or service-interrupting commands, you definitely want to be able to have a way to recover said data if that agent has those capabilities.” Flip it and reverse it.—BH | | |
|
|
CYBERSECURITY The Salesforce cybersecurity incident from last summer may feel like the distant past, but companies report they’re still experiencing attacks as a result of that initial incursion. Brief me on the original attacks. The Salesforce incidents happened in 2024 and 2025. The first attack was from UNC6040, a group that used social engineering to access Salesforce customers’ data; they now refer to themselves as “ShinyHunters.” ShinyHunters is a threat group that broke onto the cyber scene in 2020, according to Bugcrowd. These attackers start by identifying organizations that utilize Microsoft’s Office 365 and then search for businesses that store GitHub open authorization tokens for further supply-chain attacks. Salesforce faced a second cybersecurity incident in August 2025 when Salesloft announced that it had detected a security issue in its Salesloft Drift application, an AI-powered sales engagement platform that lets sales teams integrate Salesforce instances into their AI chatbot workflows. The attackers (UNC6395) are reportedly not part of ShinyHunters, but Cory Michal, VP of security at AppOmni, told IT Brew there might be some kind of overlap. The threat actors used stolen OAuth credentials to pull sensitive data from Salesforce customer instances. Some say they experienced data theft in connection to the attack.—CN | | |
|
|
PATCH NOTES Today’s top IT reads. Stat: 14. That’s how many states will have a law against microchipping employees if Washington Gov. Bob Ferguson signs the latest piece of legislation banning the practice. (GeekWire) Quote: “Go find out about XYZ, and come back to me with everything you’ve seen. Go scan the net blocks owned by this particular entity.”—Sherrod DeGrippo, Microsoft’s GM of global threat intelligence, on the types of tasks cybercriminals delegate to AI agents (The Register) Read: Rumour has it Apple is cooking up some new high-end tech for its hardware lineup. (PCMag) Apps on a short leash: Approved apps can misbehave. ThreatLocker Ringfencing locks them down; baseline policies for Office, PowerShell, and Zoom, plus granular rules so Word opens docs but can’t spawn trouble. Check out ThreatLocker.* *A message from our sponsor. |
|
|
After years in research labs, quantum computing is edging closer to real-world deployment. Here’s why industry advocates say the technology is ready to tackle logistics, healthcare, cybersecurity, and defense challenges. Read now |
|
|
SHARE THE BREW  Share the Brew, watch your referral count climb, and unlock brag-worthy swag. Your friends get smarter. You get rewarded. Win-win. Your referral count: 5 Click to Share Or copy & paste your referral link to others:
itbrew.com/r/?kid=9ec4d467 |
|
|
|
ADVERTISE // CAREERS // SHOP // FAQ
Update your email preferences or unsubscribe .
View our privacy policy .
Copyright © 2026 Morning Brew Inc. All rights reserved.
22 W 19th St, 4th Floor, New York, NY 10011 |
|
