Becker’s Health IT reports: U.S. Sen. Ron Wyden is urging the Federal Trade Commission to investigate Microsoft, saying weak security practices at the tech company helped enable a 2024 ransomware attack on St. Louis-based Ascension hospitals, Bloomberg reported Sept. 10. In a letter sent Sept. 10 to FTC Chairman Andrew Ferguson, Sen. Wyden accused Microsoft of “gross […]
GBHackers reports: Cloudflare has disclosed a significant data breach affecting customer information following a sophisticated supply chain attack targeting its Salesforce integration with Salesloft Drift. The incident, which occurred between August 12-17, 2025, resulted in the exposure of customer support case data and potentially sensitive credentials shared through support channels. The cybersecurity company became aware […]
Cybersecurity company Zscaler has disclosed that it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases. Bleeping Computer reports: This warning follows the compromise of Salesloft Drift, an AI chat agent that integrates with Salesforce, in which attackers stole OAuth and refresh tokens, […]
Another Salesloft Drift-related breach has been disclosed. Seucrity Affairs reports: Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat actors stole OAuth tokens from the company, the incident impacted multiple Salesforce […]
Customers are targeted through compromised OAuth access tokens from Salesloft Drift integrations. IT Pro reports: Google’s Threat Intelligence Group (GTIG) has revealed that hackers harvested user credentials from Salesforce customers in a widespread campaign during the first half of this month. The attacker, tracked as UNC6395, targeted Salesforce customer instances through compromised OAuth tokens associated […]
Cybernews reports: The Farmers Insurance Group is notifying 1,111,386 people that their personal information was exposed in a recent cyberattack earlier this year. The American insurance giant said it began sending breach notification letters about the May 29th “security incident” out of an “abundance of caution” on August 22nd. The breach may have involved the […]
A provider of criminal background checks in the U.K. is dealing with a breach at a third-party developer. The Register reports: A leading UK provider of criminal record checks for employers is handling a data breach stemming from a third-party development company. Access Personal Checking Services (APCS) has written to customers to notify them that […]
The Register reports: Microsoft-owned talk-to-text outfit Nuance has agreed to cough up $8.5 million to settle a class action lawsuit over the sprawling MOVEit Transfer mega-breach – although it admits no liability. The proposed deal [PDF], filed in a Massachusetts federal court last week, would draw a line under litigation brought by individuals who claimed that the company failed […]
FOX 5 in Atlanta reports: A cyberattack that shut down Georgia’s SNAP (Supplemental Nutrition Assistance Program) call center may not have been an isolated incident. Officials with the United States Department of Agriculture tell FOX 5 that similar attacks have happened in six other states recently. The backstory: On July 28, the Georgia Department of […]
BBC reports: Thousands of Afghans brought to safety in the UK have had their personal data exposed, after a Ministry of Defence (MoD) sub-contractor suffered a data breach. The names, passport information and Afghan Relocations and Assistance Policy (Arap) details of up to 3,700 Afghans have potentially been compromised after Inflite The Jet Centre, which […]
