Customers are targeted through compromised OAuth access tokens from Salesloft Drift integrations. IT Pro reports: Google’s Threat Intelligence Group (GTIG) has revealed that hackers harvested user credentials from Salesforce customers in a widespread campaign during the first half of this month. The attacker, tracked as UNC6395, targeted Salesforce customer instances through compromised OAuth tokens associated […]
TransUnion has mailed out notification letters to more than 4.4 million U.S. persons affected by a breach at a third-party application. In its notification to state attorneys general in Maine and California, TransUnion reported that the incident occurred on July 28, 2025, and they learned of it on July 30, 2025. The attack did not […]
HuffPost reports: Acolytes of former White House adviser Elon Musk ignored privacy warnings and mishandled sensitive Social Security information, according to a whistleblower complaint filed Tuesday. Officials from the so-called Department of Government Efficiency potentially put hundreds of millions of Americans’ sensitive information at risk by copying a critical Social Security database and uploading it to an […]
The Record reports: A cyberattack took down systems, websites and phone lines used by the state government of Nevada after an incident on Sunday morning. Nevada governor Joe Lombardo released a statement on Monday afternoon telling the public that emergency services are still available but the network incident “continues to impact the availability of certain […]
USA Herald reports: Tech conglomerate Fortive Corp. has agreed to a $3 million settlement to resolve a sweeping class action after two ransomware attacks in 2023 exposed the personal data of more than 34,000 individuals, according to a Washington federal judge’s preliminary approval. U.S. District Judge Richard A. Jones, presiding in Seattle, signed off Thursday on the […]
Security Week reports: French retail chain Auchan is notifying hundreds of thousands of customers that their personal information was stolen in a data breach. The incident, the company said in notifications sent last week, impacted names, addresses, email addresses, phone numbers, and loyalty card numbers. No banking information, passwords, or PINs have been compromised in […]
First, they impersonated your email domains and vendors in business email compromise and phishing schemes. Then we read how members of “The Com” and “Scattered Spider” would call your helpdesk and claim to be employees who needed a password reset. Impersonation is being taken to the next level. The Register reports: English speakers adept at […]
A provider of criminal background checks in the U.K. is dealing with a breach at a third-party developer. The Register reports: A leading UK provider of criminal record checks for employers is handling a data breach stemming from a third-party development company. Access Personal Checking Services (APCS) has written to customers to notify them that […]
In what is currently the third largest health data breach of 2025, kidney dialysis provider DaVita has reported a ransomware attack to HHS. Bleeping Computer reports: Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals. DaVita serves over 265,400 […]
Cyber Security News reports: A series of critical vulnerabilities across multiple internal Intel websites allowed for the complete exfiltration of the company’s global employee database and access to confidential supplier information. The flaws, stemming from basic security oversights, exposed the personal details of over 270,000 Intel employees and workers. The investigation from Eaton Works revealed […]
