Tag: data-breach
-
Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise
Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/03/cloudflare-confirms-data-breach-linked-to-salesloft-drift-supply-chain-compromise/
-
Cloudflare, Zscaler among companies impacted by Salesloft Drift incident
Multiple tech firms have publicly detailed how incidents involving the third-party Salesloft Drift tool have exposed customer data. First seen on therecord.media Jump to article: therecord.media/salesloft-drift-breach-cloudflare-zscaler-palo-alto-networks
-
PagerDuty Confirms Data Breach After Salesforce Account Compromise
PagerDuty has confirmed that it experienced a data breach following a compromise of its Salesforce account. The company was first alerted to the issue by Salesloft on August 20, 2025, when Salesloft notified PagerDuty of a security problem in the Drift application. A few days later, on August 23, Salesloft revealed that attackers had exploited…
-
Salesloft Drift: KI-Tool beschert mehreren großen IT-Konzernen Datenlecks
Salesforce-Instanzen Hunderter Unternehmen wie Cloudflare, Zscaler und Palo Alto Networks sind kompromittiert worden – inklusive enthaltener Kundendaten. First seen on golem.de Jump to article: www.golem.de/news/ki-chatbot-anbieter-tokenklau-bei-salesloft-drift-trifft-mehrere-grosse-konzerne-2509-199746.html
-
A CISO’s guide to monitoring the dark web
Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerabilityIs your company data on the dark web? Here’s what to look for and what do if your data now lives on the dark web. Sıla Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
-
A CISO’s guide to monitoring the dark web
Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerabilityIs your company data on the dark web? Here’s what to look for and what do if your data now lives on the dark web. Sıla Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
-
A CISO’s guide to monitoring the dark web
Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerabilityIs your company data on the dark web? Here’s what to look for and what do if your data now lives on the dark web. Sıla Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
-
Cloudflare Confirms Data Breach Customer Data Exposed via Salesforce Attack
Cloudflare has disclosed a significant data breach affecting customer information following a sophisticated supply chain attack targeting its Salesforce integration with Salesloft Drift. The incident, which occurred between August 12-17, 2025, resulted in the exposure of customer support case data and potentially sensitive credentials shared through support channels. The Breach Details The cybersecurity company became…
-
Cloudflare Confirms Data Breach Linked to Salesforce and Salesloft Drift
Cloudflare confirms a Salesforce-linked data breach via Salesloft Drift, exposing customer support case data but leaving core systems… First seen on hackread.com Jump to article: hackread.com/cloudflare-data-breach-salesforce-and-salesloft-drift/
-
Cloudflare Confirms Data Breach Linked to Salesforce and Salesloft Drift
Cloudflare confirms a Salesforce-linked data breach via Salesloft Drift, exposing customer support case data but leaving core systems… First seen on hackread.com Jump to article: hackread.com/cloudflare-data-breach-salesforce-and-salesloft-drift/
-
Navy Federal Credit Union Backup Exposed Online
Researcher: Internal Data Belonging to World’s Largest Lender Exposed on AWS. Navy Federal, the world’s largest credit union, left hundreds of gigabytes of internal backup files exposed on Amazon’s cloud storage service, says cybersecurity researcher Jeremiah Fowler. Exposed data included email addresses, hashed passwords and what appeared to be internal system data. First seen on…
-
Cloudflare hit by data breach in Salesloft Drift supply chain attack
Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudflare-hit-by-data-breach-in-salesloft-drift-supply-chain-attack/
-
Zscaler latest victim of Salesloft Drift attacks, customer data exposed
Joins Google, Palo Alto Networks in the ever-growing supply chain compromise First seen on theregister.com Jump to article: www.theregister.com/2025/09/02/zscaler_customer_data_drift_compromise/
-
JSON Config File Leaks Azure ActiveDirectory Credentials
In this type of misconfiguration, cyberattackers could use exposed secrets to authenticate directly via Microsoft’s OAuth 2.0 endpoints and infiltrate Azure cloud environments. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/public-file-leaks-azure-activedirectory-credentials
-
Azure AD Credentials Exposed in Public App Settings File
Experts have revealed an Azure AD vulnerability exposing ClientId and ClientSecret in a publicly accessible appsettings.json file First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/azure-ad-credentials-exposed/
-
No, Google did not warn 2.5 billion Gmail users to reset passwords
Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also affected some Workspace accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/no-google-did-not-warn-25-billion-gmail-users-to-reset-passwords/
-
Palo Alto Networks disclose a data breach linked to Salesloft Drift incident
Palo Alto Networks hit by Drift-linked supply-chain attack, exposing Salesforce customer data and support cases via stolen OAuth tokens. Palo Alto Networks is another victim of the Salesloft Drift incident, which allowed attackers to access its Salesforce account, as per BleepingComputer. The company discloses a breach after attackers used stolen OAuth tokens from Salesloft Drift,…
-
Salesloft Drift Attacks Exposed Zscaler Customer Data
‘Widespread Data Theft Campaign’ Compromised Many Drift OAuth Tokens, Warn Experts. Threat researchers report that a widespread data theft campaign traces to attackers stealing OAuth access tokens for applications integrated with Salesloft’s AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached. First seen on govinfosecurity.com Jump to…
-
Palo Alto Networks data breach exposes customer info, support cases
Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-data-breach-exposes-customer-info-support-cases/
-
Salesloft Drift Attacks Exposed Zscaler Customer Data
‘Widespread Data Theft Campaign’ Compromised Many Drift OAuth Tokens, Warn Experts. Threat researchers report that a widespread data theft campaign traces to attackers stealing OAuth access tokens for applications integrated with Salesloft’s AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached. First seen on govinfosecurity.com Jump to…
-
Palo Alto Networks Confirms Data Breach via Compromised Salesforce Instances
Cybersecurity vendor Palo Alto Networks disclosed that its Salesforce environment was breached through a compromised Salesloft Drift integration, marking the latest in a series of supply chain attacks targeting customer relationship management platforms. According to a statement from Palo Alto Networks, Salesloft’s Drift application”, used by hundreds of organizations to streamline sales engagement”, suffered an…
-
Palo Alto Networks data breach exposes customer info, support tickets
Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-data-breach-exposes-customer-info-support-tickets/
-
Leaked ChatGPT Chats: Users Treat AI as Therapist, Lawyer, Confidant
Leaked ChatGPT chats reveal users sharing sensitive data, resumes, and seeking advice on mental health, exposing risks of… First seen on hackread.com Jump to article: hackread.com/leaked-chatgpt-chats-users-ai-therapist-lawyer-confidant/
-
Ukrainian Hackers Ramp Up Brute-Force and Password-Spraying Attacks on VPN and RDP Systems
In mid-2025, a coalition of Ukraine-based autonomous systems orchestrated unprecedented brute-force and password-spraying campaigns against exposed SSL VPN and Remote Desktop Protocol (RDP) services, overwhelming security defenses and highlighting the growing sophistication of state-linked cyber-infrastructure. Over a concentrated three-day period in July 2025, the network operated under AS211736 (“FDN3”), allocated to FOP Dmytro Nedilskyi, unleashed…
-
Azure AD Vulnerability Leaks Credentials, Lets Attackers Deploy Malicious Apps
Exposing an ASP.NET Core appsettings.json file containing Azure Active Directory (Azure AD) credentials poses acritical attack vector, effectively handing adversaries the keys to an organization’s cloud environment. During a recent cybersecurity assessment by Resecurity’s HUNTER Team, researchers discovered that a publicly accessible appsettings.json file had exposed the ClientId and ClientSecret of an Azure AD application,…
-
Google dementiert: Nein, es gibt kein Datenleck mit Milliarden von Gmail-Konten
Im Netz häufen sich Berichte über ein angebliches Datenleck, das bis zu 2,5 Milliarden Gmail-Nutzer betreffen soll. Laut Google völlig falsch. First seen on golem.de Jump to article: www.golem.de/news/google-dementiert-nein-es-gibt-kein-datenleck-mit-milliarden-von-gmail-konten-2509-199697.html
-
What the GitGuardian secrets sprawl report reveals about leaked credentials
In this Help Net Security video, Dwayne McDaniel, Senior Developer Advocate at GitGuardian, presents findings from The State of Secrets Sprawl 2025. McDaniel explains why … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/02/gitguardian-secrets-sprawl-video/