Tag: theft
-
Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft
Jaguar Land Rover shut down systems after a cyberattack, disrupting production and retail, but says customer data likely remains safe. Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack occurred over the weekend, and it also impacted systems at the Solihull production plant. UK dealers reported…
-
Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft
Jaguar Land Rover shut down systems after a cyberattack, disrupting production and retail, but says customer data likely remains safe. Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack occurred over the weekend, and it also impacted systems at the Solihull production plant. UK dealers reported…
-
Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations
Salesloft on Tuesday announced that it’s taking Drift temporarily offline “in the very near future,” as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authentication tokens.”This will provide the fastest path forward to comprehensively review the application and build First…
-
Amazon Stymies APT29 Credential Theft Campaign
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft’s device code authentication flow. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/amazon-apt29-credential-theft-campaign
-
Palo Alto Networks, Zscaler Among Victims Of Salesforce Third-Party Breach
Palo Alto Networks and Zscaler confirmed they’re among the latest victims in the campaign targeting widespread theft of Salesforce data through compromising Salesloft Drift, a popular third-party Salesforce application. First seen on crn.com Jump to article: www.crn.com/news/security/2025/palo-alto-networks-zscaler-among-victims-of-salesforce-third-party-breach
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
Salesloft Drift Attacks Exposed Zscaler Customer Data
‘Widespread Data Theft Campaign’ Compromised Many Drift OAuth Tokens, Warn Experts. Threat researchers report that a widespread data theft campaign traces to attackers stealing OAuth access tokens for applications integrated with Salesloft’s AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached. First seen on govinfosecurity.com Jump to…
-
Salesloft Drift Attacks Exposed Zscaler Customer Data
‘Widespread Data Theft Campaign’ Compromised Many Drift OAuth Tokens, Warn Experts. Threat researchers report that a widespread data theft campaign traces to attackers stealing OAuth access tokens for applications integrated with Salesloft’s AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached. First seen on govinfosecurity.com Jump to…
-
Hidden Commands in Images Exploit AI Chatbots and Steal Data
Hidden commands in images can exploit AI chatbots, leading to data theft on platforms like Gemini through a… First seen on hackread.com Jump to article: hackread.com/hidden-commands-images-exploit-ai-chatbots-steal-data/
-
Event Horizon for Vibe Hacking Draws Closer, Anthropic Warns
Cyber Extortion Campaign Automated Efforts to ‘Unprecedented’ Degree, Says AI Giant. Artificial intelligence giant Anthropic said it’s disrupted a cybercrime operation that tapped its large language models, including Claude Code, to an unprecedented extent to help automate a data theft and extortion campaign that targeted more than a dozen critical infrastructure organizations. First seen on…
-
Law Enforcement Operation Seizes Fake ID Platform VerifTools
FBI Seizes Domains; Dutch Police Analyzing Seized Data to Identify Admin and Users. An international law enforcement operation involving the FBI and Dutch police has shuttered VerifTools, a key platform for generating fake identification documents cops have tied to multiple help desk fraud, cryptocurrency theft and other cybercrime cases. First seen on govinfosecurity.com Jump to…
-
Malicious npm Package Impersonates Popular Nodemailer, Puts 3.9M Weekly Downloads at Risk of Crypto Theft
A sophisticated cryptocurrency theft scheme involving a malicious npm package that masquerades as the widely-used Nodemailer email library while secretly hijacking desktop cryptocurrency wallets on Windows systems. Socket’s Threat Research Team identified the malicious package, nodejs-smtp, which impersonates the legitimate Nodemailer library that averages approximately 3.9 million weekly downloads. The fraudulent package employs a clever…
-
When Salesforce Becomes a De Facto Credential Repository: Lessons from the Drift OAuth Breach
3 min readThis malicious campaign demonstrates how long-lived token theft can become the first step in a much broader breach. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/when-salesforce-becomes-a-de-facto-credential-repository-lessons-from-the-drift-oauth-breach/
-
Google warns that mass data theft hitting Salesloft AI agent has grown bigger
Assume all Salesloft credentials are compromised after Workspace breach, Google says. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/08/google-warns-that-mass-data-theft-hitting-salesloft-ai-agent-has-grown-bigger/
-
Cybercrime increasingly moving beyond financial gains
Tags: attack, awareness, business, ciso, computer, corporate, cyber, cyberattack, cybercrime, cybersecurity, defense, disinformation, espionage, finance, government, group, hacker, hacking, incident response, infrastructure, intelligence, iran, malicious, military, network, ransom, ransomware, risk, risk-analysis, russia, strategy, theft, threat, tool, ukraine, vulnerability, wormsrcset=”https://b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?quality=50&strip=all 892w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=223%2C300&quality=50&strip=all 223w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=768%2C1033&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=761%2C1024&quality=50&strip=all 761w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=518%2C697&quality=50&strip=all 518w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=125%2C168&quality=50&strip=all 125w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=62%2C84&quality=50&strip=all 62w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=357%2C480&quality=50&strip=all 357w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=268%2C360&quality=50&strip=all 268w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=186%2C250&quality=50&strip=all 186w” width=”761″ height=”1024″ sizes=”auto, (max-width: 761px) 100vw, 761px”> Incibe. En la imagen, Patricia Alonso GarcÃa.”We are very redundant when talking about cybercrime, because we always associate it with economic motivations,” says Hervé Lambert, global consumer operations…
-
Federal, state officials investigating ransomware attack targeting Nevada
The Sunday attack disrupted key services across the state and led to the theft of some data. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/federal-state-investigating-ransomware-nevada/758863/
-
Google Identifies ‘Widespread Data Theft’ Impacting Salesforce-Salesloft Drift Users
Google Threat Intelligence Group shared its findings about a threat actor responsible for stealing Salesforce customer data via Salesloft Drift. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-salesforce-salesloft-drift-data-breach/
-
BadSuccessor After Patch: Using dMSAs for Credential Theft and Lateral Movement in AD
Akamai researchers evaluated Microsoft’s patch for the BadSuccessor vulnerability (CVE-2025-53779) to determine its scope and limitations. While the update effectively blocks the original direct escalation path, the core mechanics of BadSuccessor remain exploitable under specific conditions. In this article, we examine how attackers can continue to leverage delegated Managed Service Accounts (dMSAs) for credential theft…
-
UNC6395 targets Salesloft in Drift OAuth token theft campaign
Hackers breached Salesloft to steal OAuth/refresh tokens for Drift AI chat; GTIG and Mandiant link the campaign to threat actor UNC6395. Google Threat Intelligence Group and Mandiant researchers investigate a large-scale data theft campaign carried out to hack the sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat…
-
KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge
Tags: ai, attack, credentials, cyber, cybersecurity, finance, risk, risk-management, supply-chain, theft, threat, vulnerabilityKnowBe4, the human risk management cybersecurity platform, has released its latest research paper >>Financial Sector Threats Report,
-
Storm-0501 hackers shift to ransomware attacks in the cloud
Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/storm-0501-hackers-shift-to-ransomware-attacks-in-the-cloud/
-
Salesforce Attacks Stemmed From Third-Party App
A group tracked as UNC6395 engaged in widespread data theft via compromised OAuth tokens from a third-party app called Salesloft Drift. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-salesforce-attacks-third-party-app
-
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025.”The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions,” the company said. “ First seen on…
-
Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach
A new advisory from Google and Mandiant reveals a widespread data breach in Salesforce. Learn how UNC6395 bypassed… First seen on hackread.com Jump to article: hackread.com/google-unc639s-oauth-token-theft-salesforce-breach/
-
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent.The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant, tracked as UNC6395.”Beginning as…
-
New Data Theft Campaign Targets Salesforce via Salesloft App
Google is warning of a new credential theft campaign targeting Salesforce customers via Salesloft Drift First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/data-theft-campaign-salesforce/