Google: Salesloft Drift breach hits all integrations

Threat Score:

Security Affairs

14 hours ago

Part of cluster #2214

Overview

Google warns that Salesloft Drift OAuth breach affects all integrations, not just Salesforce. All tokens should be treated as compromised. Google disclosed that the Salesloft Drift OAuth breach is broader than Salesforce, affecting all integrations. GTIG and Mandiant advise all customers to treat connected tokens as compromised. Attackers used stolen OAuth tokens to access some […]...

Continue Reading on Original Site

5 articles

Deception in depth: Defending against sophisticated and evolving PRC-nexus espionage campaigns

Brighttalk • 8 hours ago

Presented by Patrick Whitsell, Security Engineer, Google Threat Intelligence Group and Austin Larsen, Principal Threat Analyst, Google Threat Intelligence Group

Score

WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices

GB Hackers • 4 hours ago

WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices WhatsApp has issued a critical security advisory addressing a newly discovered zero-day vulnerability, tracked as CVE-2025-55177, which has been exploited in highly sophisticated zero-click attacks targeting Mac and iOS users. The vulnerability, combined with an OS-level flaw (CVE-2025-43300), has raised alarms the potential compromise of user devices and data, including sensitive messages. Vulnerability Details

Score

TransUnion Data Breach Impacts 4.4 Million

SecurityWeek • 11 hours ago

The credit reporting firm did not name the third-party application involved in the incident, only noting that it was used for its US consumer support operations.

Score

WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users

Cybersecurity News • 6 hours ago

A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed. The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access user data. WhatsApp has since patched the vulnerability and has […]

Score

Google Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft Campaign

SecurityWeek • 10 hours ago

Google says the same OAuth token compromise that enabled Salesforce data theft also let hackers access a small number of Workspace accounts via the Salesloft Drift integration.

Score

COMPANIES

Google

Salesforce

Salesloft

SECURITY VENDORS

Mandiant

PLATFORMS

Drift

Google Workspace

Salesforce

APT GROUPS

UNC6395

ATTACK TYPES

Data Exfiltration

OAuth Token Exploitation

OAuth Token Theft

MITRE ATT&CK

T1003

T1041

T1046

T1053

T1059.007

INDUSTRIES

SaaS

Sales Automation

Technology

ARTICLE INFORMATION

Article #15458

Published 14 hours ago

Security Affairs

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Save to Folder

Article Intelligence

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Overview

Related Articles

Deception in depth: Defending against sophisticated and evolving PRC-nexus espionage campaigns

WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices

TransUnion Data Breach Impacts 4.4 Million

WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users

Google Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft Campaign

Save to Folder

Article Intelligence

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies