Hackers Abuse Compromised OAuth Tokens to Access and Steal Salesforce Corporate Data

Threat Score:
54
GB Hackers
2 days ago

Overview

Hackers Abuse Compromised OAuth Tokens to Access and Steal Salesforce Corporate Data Google Threat Intelligence Group (GTIG) hasissuedan advisory concerning a broad data theft operation targeting corporate Salesforce instances via the Drift integration. Beginning as early as August 8, 2025, UNC6395 leveraged valid access and refresh tokens associated with the Salesloft Drift app to connect as an authenticated connected app user, executing large-scale SOQL queries to export records from key Sales...

Related Articles

5 articles
2

WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices

GB Hackers 4 hours ago

WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices WhatsApp has issued a critical security advisory addressing a newly discovered zero-day vulnerability, tracked as CVE-2025-55177, which has been exploited in highly sophisticated zero-click attacks targeting Mac and iOS users. The vulnerability, combined with an OS-level flaw (CVE-2025-43300), has raised alarms the potential compromise of user devices and data, including sensitive messages. Vulnerability Details

Score
81
Read more
4

WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users

Cybersecurity News 6 hours ago

A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed. The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access user data. WhatsApp has since patched the vulnerability and has […]

Score
79
Read more