News

"Widespread data theft" hits Salesforce customers via third party

How the threat actor, tracked as UNC (uncategorised) 6395, obtained the OAuth tokens from Salesloft to exfiltrate data from customer Salesforce instances wasn't detailed. Saleslof ...
The Hacker News9d

ShinyHunters Data Breach vs. SaaS: Why Dynamic Security Matters

ShinyHunters is a notorious cybercrime group that has resurfaced with a new playbook of SaaS-focused attacks. Known for monetizing stolen data on underground forums since 2020, ShinyHunters has ...
SecurityWeek18h

Security Firms Hit by Salesforce–Salesloft Drift Breach

Cloudflare, Palo Alto Networks, and Zscaler said their Salesforce instances were hacked as part of the Salesforce-Salesloft ...

Google Confirms It Was Hacked After ‘Vishing’ Cyberattack; Is Your Data Compromised? Here’s What We Know

Per the Google Threat Intelligence Group report, the cybercrooks deployed a technique called ‘Vishing’ which is essentially ...

How ShinyHunters Hacking Group Stole Customer Data from Salesforce

Hackers posed as Salesforce IT staff, using vishing to trick employees into installing malicious software for data theft and extortion.
Infosecurity Magazine7d

New Data Theft Campaign Targets Salesforce via Salesloft App

Salesforce customers have again been targeted in a “widespread data theft campaign,” this time via compromised OAuth tokens ...