Data Breach News, Vendor News, Vulnerabilities
September 13, 2025
352 views 45 secs 0

FBI FLASH: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion

The FBI has issued an alert, FLASH-20250912-001. Summary The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions. Both groups have recently been observed targeting […]

Data Breach News, Vendor News
September 12, 2025
349 views 19 secs 0

Sen. Wyden seeks FTC probe into Microsoft over Ascension cyberattack

Becker’s Health IT reports: U.S. Sen. Ron Wyden is urging the Federal Trade Commission to investigate Microsoft, saying weak security practices at the tech company helped enable a 2024 ransomware attack on St. Louis-based Ascension hospitals, Bloomberg reported Sept. 10. In a letter sent Sept. 10 to FTC Chairman Andrew Ferguson, Sen. Wyden accused Microsoft of “gross […]

Data Breach News, Vendor News
September 04, 2025
515 views 16 secs 0

Cloudflare Confirms Data Breach – Customer Data Exposed via Salesforce Attack

GBHackers reports: Cloudflare has disclosed a significant data breach affecting customer information following a sophisticated supply chain attack targeting its Salesforce integration with Salesloft Drift. The incident, which occurred between August 12-17, 2025, resulted in the exposure of customer support case data and potentially sensitive credentials shared through support channels. The cybersecurity company became aware […]

Data Breach News, Vendor News
September 02, 2025
554 views 58 secs 0

Zscaler data breach exposes customer info after Salesloft Drift compromise

Cybersecurity company Zscaler has disclosed that it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases. Bleeping Computer reports: This warning follows the compromise of Salesloft Drift, an AI chat agent that integrates with Salesforce, in which attackers stole OAuth and refresh tokens, […]

Data Breach News, Vendor News
September 02, 2025
549 views 2 mins 0

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

Another Salesloft Drift-related breach has been disclosed. Seucrity Affairs reports: Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat actors stole OAuth tokens from the company, the incident impacted multiple Salesforce […]

Data Breach News, New Threats, News, Vendor News
August 29, 2025
602 views 2 mins 0

Warning issued after hackers stole Salesloft Drift data

Customers are targeted through compromised OAuth access tokens from Salesloft Drift integrations. IT Pro reports: Google’s Threat Intelligence Group (GTIG) has revealed that hackers harvested user credentials from Salesforce customers in a widespread campaign during the first half of this month. The attacker, tracked as UNC6395, targeted Salesforce customer instances through compromised OAuth tokens associated […]

Insurance News, News, Vendor News
August 26, 2025
760 views 6 secs 0

Farmers Insurance breach impacts over 1 million customers

Cybernews reports: The Farmers Insurance Group is notifying 1,111,386 people that their personal information was exposed in a recent cyberattack earlier this year. The American insurance giant said it began sending breach notification letters about the May 29th “security incident” out of an “abundance of caution” on August 22nd. The breach may have involved the […]

Data Breach News, Vendor News
August 23, 2025
778 views 12 secs 0

U.K. criminal background check firm APCS discloses breach

A provider of criminal background checks in the U.K. is dealing with a breach at a third-party developer. The Register reports: A leading UK provider of criminal record checks for employers is handling a data breach stemming from a third-party development company. Access Personal Checking Services (APCS) has written to customers to notify them that […]

Legal News, Data Breach News, Vendor News
August 19, 2025
714 views 32 secs 0

Microsoft’s Nuance coughs up $8.5M to rid itself of MOVEit breach suit

The Register reports: Microsoft-owned talk-to-text outfit Nuance has agreed to cough up $8.5 million to settle a class action lawsuit over the sprawling MOVEit Transfer mega-breach – although it admits no liability. The proposed deal [PDF], filed in a Massachusetts federal court last week, would draw a line under litigation brought by individuals who claimed that the company failed […]

Data Breach News, Vendor News
August 18, 2025
691 views 50 secs 0

Georgia SNAP call center cyberattack tied to incidents in 6 states: USDA

FOX 5 in Atlanta reports: A cyberattack that shut down Georgia’s SNAP (Supplemental Nutrition Assistance Program) call center may not have been an isolated incident. Officials with the United States Department of Agriculture tell FOX 5 that similar attacks have happened in six other states recently. The backstory: On July 28, the Georgia Department of […]