Cloudflare, Palo Alto Networks, and Zscaler are the latest among hundreds of victims of an expanding data-stealing attack by the UNC6395 threat group that is exploiting compromised OAuth tokens associated with Salesloft’s Drift app to access organizations’ Salesforce tenants and exfiltrate customer data.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/09/salesloft-drift-breach-rolls-up-cloudflare-palo-alto-zscaler-and-others/
