The company said a threat actor accessed and snooped around its account for months, then stole OAuth tokens for Drift integrations from its cloud environment.

The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices.

Salesloft said the AI chat agent for sales and leads will be taken offline, as investigations into the attack spree widen and reveal more victims.

Researchers said Google Workspace customers were hit, and noted other platforms are impacted as well. Fresh evidence proves impact was not limited to Salesforce, as Salesloft previously…

A threat group Google tracks as UNC6395 systematically stole large amounts of data from Salesforce customer instances by using OAuth tokens stolen from Salesloft Drift, researchers said.

Linen Typhoon, Violet Typhoon and Storm-2603 are behind the initial attack spree that erupted over the weekend. Other threat groups are now following suit.

The cybercrime ring has infiltrated more than 100 businesses since 2022, including more than a dozen since it regrouped earlier this year.

French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities.

Hawaiian Airlines announced a cybersecurity incident Friday as security experts warned of a sector-wide threat.

Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.