Attackers steal data from Salesforce instances via compromised AI live chat tool

Threat Score:

CSO Online

3 days ago

Part of cluster #2214

Overview

A threat actor managed to obtain Salesforce OAuth tokens from a third-party integration called Salesloft Drift and used the tokens to download large volumes of data from impacted Salesforce instances. One of the attacker’s goals was to find and extract additional credentials stored in Salesforce records that could expand their access. “After the data was exfiltrated, the actor searched through the data to look for secrets that could be potentially used to compromise victim environments,” the Goo...

Continue Reading on Original Site

5 articles

Deception in depth: Defending against sophisticated and evolving PRC-nexus espionage campaigns

Brighttalk • 8 hours ago

Presented by Patrick Whitsell, Security Engineer, Google Threat Intelligence Group and Austin Larsen, Principal Threat Analyst, Google Threat Intelligence Group

Score

WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices

GB Hackers • 4 hours ago

WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices WhatsApp has issued a critical security advisory addressing a newly discovered zero-day vulnerability, tracked as CVE-2025-55177, which has been exploited in highly sophisticated zero-click attacks targeting Mac and iOS users. The vulnerability, combined with an OS-level flaw (CVE-2025-43300), has raised alarms the potential compromise of user devices and data, including sensitive messages. Vulnerability Details

Score

TransUnion Data Breach Impacts 4.4 Million

SecurityWeek • 11 hours ago

The credit reporting firm did not name the third-party application involved in the incident, only noting that it was used for its US consumer support operations.

Score

WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users

Cybersecurity News • 6 hours ago

A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed. The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access user data. WhatsApp has since patched the vulnerability and has […]

Score

Google Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft Campaign

SecurityWeek • 11 hours ago

Google says the same OAuth token compromise that enabled Salesforce data theft also let hackers access a small number of Workspace accounts via the Salesloft Drift integration.

Score

COMPANIES

Amazon

Google

Salesforce

Salesloft

SECURITY VENDORS

Google Threat Intelligence Group

Mandiant

PLATFORMS

AWS

Amazon Web Services

Drift

Google Workspace

Salesforce

APT GROUPS

ShinyHunters

UNC6395

RANSOMWARE

Blind

One

ShinyHunters

Surprise

ATTACK TYPES

Credential Harvesting

Credential Theft

Data Exfiltration

Data Theft

OAuth Token Abuse

MITRE ATT&CK

T1003

T1003.001

T1005

T1040

T1041

INDUSTRIES

Cloud Services

Customer Relationship Management

SaaS

Sales Automation

Software

ARTICLE INFORMATION

Article #14869

Published 3 days ago

CSO Online

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Save to Folder

Article Intelligence

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Overview

Related Articles

Deception in depth: Defending against sophisticated and evolving PRC-nexus espionage campaigns

WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices

TransUnion Data Breach Impacts 4.4 Million

WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users

Google Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft Campaign

Save to Folder

Article Intelligence

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies