August 2025 delivered a sharp reminder that even organizations with advanced security infrastructures are not immune to phishing and social engineering. Two separate attacks, one involving Salesforce and the other targeting Cisco, led to data exposure and once again underscored that the human factor remains a primary target for attackers.
On August 6, a large scale attack was disclosed that relied on social engineering techniques aimed at employees of companies using Salesforce. The attackers impersonated legitimate entities and convinced employees to install a fake application, granting them access to sensitive organizational data across multiple customers. This was not a classic software vulnerability, but rather an exploitation of trust and existing work processes.
A day earlier, on August 5, a vishing attack against Cisco was revealed. In this case, a single phone call that appeared entirely legitimate was enough to persuade an employee to grant access to internal systems. Here as well, there was no significant technical weakness involved, only a precise manipulation of pressure, authority, and familiar business context.
Together, these incidents reinforce a clear trend. Phishing is no longer limited to suspicious emails with malicious links. It now arrives through SaaS platforms, phone calls, and interactions that appear completely routine. By the end of the month, it was evident that the primary challenge for organizations lies not only in technological defenses, but in the ability to detect and stop attacks that begin with one person, one action, or one conversation.
