Colt Outage Persists After SharePoint Exploit as Ransomware Group Puts Data Up for Sale
External experts are working to restore Colt’s support platforms after the telecom said customer networks remain secure.
Overview
- Colt’s customer portal (Colt Online) and Voice API remain offline, with no estimated restoration timeline, following the cyber incident that began on August 12.
- The company says the breach targeted an internal system separate from customer networks and that it has found no evidence of customer or employee data access.
- A threat actor using the alias 'cnkjasdfgd', claiming affiliation with the WarLock ransomware gang, posted data samples and offered allegedly stolen Colt files for $200,000.
- Security researcher Kevin Beaumont reported likely exploitation of a Microsoft SharePoint zero-day (CVE-2025-53770) alongside observed Shodan scans, implanted webshells and firewall changes.
- Colt has notified authorities and is collaborating with third-party cyber experts to investigate the incident and restore affected systems.