The Breach News

Salesloft Shuts Down Drift Temporarily Following OAuth Token Theft Affecting Numerous Organizations

 
Sep 03, 2025
Data Breach / Threat Intelligence

Salesloft announced on Tuesday the temporary suspension of Drift, slated to occur “in the very near future,” due to an extensive supply chain attack impacting multiple companies. This breach has led to the widespread theft of authentication tokens linked to the marketing software-as-a-service platform. The company stated, “This action will allow us to thoroughly review the application and enhance its resilience and security before restoring full functionality.” Consequently, the Drift chatbot on customer websites will be offline, and Drift itself will not be accessible. Salesloft emphasized its commitment to preserving the integrity and security of its systems and customers’ data, collaborating with cybersecurity partners Mandiant and Coalition as part of their incident response strategy. This announcement follows a disclosure from Google Threat Intelligence Group (GTIG) and Mandiant regarding the ongoing threats.

Salesloft to Temporarily Suspend Drift Following Widespread OAuth Token Theft September 3, 2025 In a significant development within the cybersecurity landscape, Salesloft has announced plans to take its Drift service offline imminently. This decision follows a widespread supply chain attack that has affected numerous organizations, leading to the unauthorized acquisition…

Read More

Salesloft Shuts Down Drift Temporarily Following OAuth Token Theft Affecting Numerous Organizations

 
Sep 03, 2025
Data Breach / Threat Intelligence

Salesloft announced on Tuesday the temporary suspension of Drift, slated to occur “in the very near future,” due to an extensive supply chain attack impacting multiple companies. This breach has led to the widespread theft of authentication tokens linked to the marketing software-as-a-service platform. The company stated, “This action will allow us to thoroughly review the application and enhance its resilience and security before restoring full functionality.” Consequently, the Drift chatbot on customer websites will be offline, and Drift itself will not be accessible. Salesloft emphasized its commitment to preserving the integrity and security of its systems and customers’ data, collaborating with cybersecurity partners Mandiant and Coalition as part of their incident response strategy. This announcement follows a disclosure from Google Threat Intelligence Group (GTIG) and Mandiant regarding the ongoing threats.

Unresolved Remote Hacking Vulnerability Found in Fortinet’s FortiWeb WAF

Aug 18, 2021

Recent revelations highlight a serious, unpatched security flaw in Fortinet’s web application firewall (WAF) that could enable a remote authenticated attacker to execute harmful commands on the system. According to cybersecurity firm Rapid7, an OS command injection vulnerability in FortiWeb’s management interface (versions 6.3.11 and earlier) allows this exploitation through the SAML server configuration page. This issue is linked to CVE-2021-22123, which was noted in advisory FG-IR-20-120. Rapid7 identified and reported the vulnerability in June 2021, and Fortinet plans to release a fix in late August with FortiWeb version 6.4.1. While this command injection flaw has not yet been assigned a CVE identifier, it carries a severity rating of 8.7 on the CVSS scoring system. Exploiting this vulnerability could enable authenticated users to execute arbitrary commands.

Unresolved Remote Hacking Vulnerability Uncovered in Fortinet’s FortiWeb WAF Published on August 18, 2021 A newly identified, unaddressed security vulnerability has been reported in Fortinet’s FortiWeb Web Application Firewall (WAF) appliances, raising concerns among cybersecurity experts. This flaw could potentially permit a remote, authenticated attacker to execute arbitrary commands on…

Read More

Unresolved Remote Hacking Vulnerability Found in Fortinet’s FortiWeb WAF

Aug 18, 2021

Recent revelations highlight a serious, unpatched security flaw in Fortinet’s web application firewall (WAF) that could enable a remote authenticated attacker to execute harmful commands on the system. According to cybersecurity firm Rapid7, an OS command injection vulnerability in FortiWeb’s management interface (versions 6.3.11 and earlier) allows this exploitation through the SAML server configuration page. This issue is linked to CVE-2021-22123, which was noted in advisory FG-IR-20-120. Rapid7 identified and reported the vulnerability in June 2021, and Fortinet plans to release a fix in late August with FortiWeb version 6.4.1. While this command injection flaw has not yet been assigned a CVE identifier, it carries a severity rating of 8.7 on the CVSS scoring system. Exploiting this vulnerability could enable authenticated users to execute arbitrary commands.

Be Cautious: Fraudulent Twitter Phishing Sites Emerging

Published: July 15, 2013

Warning: A new scam is circulating through Twitter direct messages (DMs) and deceptive emails, directing users to a phishing site at “twittler.com.” This scam utilizes compromised Twitter accounts to send seemingly legitimate messages. Security expert Janne Ahlberg highlights the danger, stating, “This is a particularly insidious tactic, especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a familiar contact, alert them – their account has likely been hijacked by attackers.”

The fraudulent webpage mimics the Twitter login screen and attempts to capture your login credentials, using a domain name that closely resembles the official Twitter.com, with the addition of “LL.”

To stay safe, always verify your browser’s address bar to ensure you are on the legitimate Twitter site at twitter.com before entering your login information. If you input your Twitter username…

Warning: Phishing Attack Targeting Twitter Users July 15, 2013 A concerning phishing scam has emerged, targeting Twitter users through deceptive direct messages (DMs) and counterfeit emails that direct recipients to a fraudulent website, “twittler.com.” This scheme relies on compromised Twitter accounts to deliver messages that appear trustworthy, undermining the basic…

Read More

Be Cautious: Fraudulent Twitter Phishing Sites Emerging

Published: July 15, 2013

Warning: A new scam is circulating through Twitter direct messages (DMs) and deceptive emails, directing users to a phishing site at “twittler.com.” This scam utilizes compromised Twitter accounts to send seemingly legitimate messages. Security expert Janne Ahlberg highlights the danger, stating, “This is a particularly insidious tactic, especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a familiar contact, alert them – their account has likely been hijacked by attackers.”

The fraudulent webpage mimics the Twitter login screen and attempts to capture your login credentials, using a domain name that closely resembles the official Twitter.com, with the addition of “LL.”

To stay safe, always verify your browser’s address bar to ensure you are on the legitimate Twitter site at twitter.com before entering your login information. If you input your Twitter username…

Telegram Continues to Support a $21 Billion Crypto Scammer Marketplace Despite Sanctions

Recent investigations have revealed that the Xinbi Guarantee platform has been involved in a range of illicit activities, including offering harassment services for hire and potentially involving underage sex workers. One disturbing listing highlighted by Elliptic included explicit details about a 16-year-old individual, illustrating a troubling nexus of exploitation and…

Read MoreTelegram Continues to Support a $21 Billion Crypto Scammer Marketplace Despite Sanctions

CISA Includes TP-Link and WhatsApp Vulnerabilities in KEV Catalog Due to Ongoing Exploitation

September 3, 2025
Vulnerability / Mobile Security

On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability affecting TP-Link TL-WA855RE Wi-Fi Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing signs of active exploitation. The vulnerability, identified as CVE-2020-24363 (CVSS score: 8.8), involves a missing authentication flaw that can be exploited to gain elevated access to the device. CISA noted that “this vulnerability could enable an unauthenticated attacker on the same network to send a TDDP_RESET POST request for a factory reset and reboot,” allowing them to establish incorrect access control by setting a new administrative password. According to malwrforensics, the issue has been addressed in firmware version TL-WA855RE(EU)_V5_200731. However, it’s important to mention that this product has reached end-of-life (EoL) status, making future patches or updates unlikely. Users of the Wi-Fi range extender are therefore advised to take caution.

CISA Includes TP-Link and WhatsApp Vulnerabilities in KEV Catalog Due to Ongoing Exploitation On September 3, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical security vulnerability related to TP-Link TL-WA855RE Wi-Fi Ranger Extenders to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes…

Read More

CISA Includes TP-Link and WhatsApp Vulnerabilities in KEV Catalog Due to Ongoing Exploitation

September 3, 2025
Vulnerability / Mobile Security

On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability affecting TP-Link TL-WA855RE Wi-Fi Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing signs of active exploitation. The vulnerability, identified as CVE-2020-24363 (CVSS score: 8.8), involves a missing authentication flaw that can be exploited to gain elevated access to the device. CISA noted that “this vulnerability could enable an unauthenticated attacker on the same network to send a TDDP_RESET POST request for a factory reset and reboot,” allowing them to establish incorrect access control by setting a new administrative password. According to malwrforensics, the issue has been addressed in firmware version TL-WA855RE(EU)_V5_200731. However, it’s important to mention that this product has reached end-of-life (EoL) status, making future patches or updates unlikely. Users of the Wi-Fi range extender are therefore advised to take caution.

Critical BadAlloc Vulnerability Impacts BlackBerry QNX in Millions of Vehicles and Medical Devices

August 18, 2021

A significant security flaw in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS) poses a risk of enabling malicious actors to take control of various devices, including cars and medical equipment. This issue, identified as CVE-2021-22156 with a CVSS score of 9.0, is part of a larger series of vulnerabilities dubbed BadAlloc that was first revealed by Microsoft in April 2021. The flaw could potentially serve as a backdoor for attackers, allowing them to disrupt operations or commandeer devices. According to a bulletin from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices.” As of now, there are no indications that this vulnerability has been actively exploited. BlackBerry QNX technology serves over 195 million vehicles and embedded systems globally.

Critical Vulnerability in BlackBerry QNX Poses Risk to Millions of Devices August 18, 2021 A significant security vulnerability has been identified in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS), which underpins a vast array of products, including automotive systems, medical equipment, and industrial machinery. This flaw, officially designated…

Read More

Critical BadAlloc Vulnerability Impacts BlackBerry QNX in Millions of Vehicles and Medical Devices

August 18, 2021

A significant security flaw in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS) poses a risk of enabling malicious actors to take control of various devices, including cars and medical equipment. This issue, identified as CVE-2021-22156 with a CVSS score of 9.0, is part of a larger series of vulnerabilities dubbed BadAlloc that was first revealed by Microsoft in April 2021. The flaw could potentially serve as a backdoor for attackers, allowing them to disrupt operations or commandeer devices. According to a bulletin from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices.” As of now, there are no indications that this vulnerability has been actively exploited. BlackBerry QNX technology serves over 195 million vehicles and embedded systems globally.

Cyber Attack Disrupts Passport Control at Istanbul Airport

July 26, 2013

The passport control system at Istanbul Ataturk Airport’s international departure terminal experienced a cyber attack on Friday, impacting operations at another airport in the city. Passengers faced lengthy delays, with many waiting hours as flight departures were postponed due to the system shutdown at both locations. Authorities were able to restore functionality after some time.

Reports indicated that the passport control system at Sabiha Gokcen International Airport was also affected by issues stemming from the Polnet data system managed by the Istanbul provincial security directorate. Preliminary investigations suggest the systems may have been compromised by malware, though authorities are still determining whether any user information was extracted from the affected machines.

As of now, there has been no claim of responsibility for the cyber attack. This incident is part of a worrying trend of malware attacks targeting critical infrastructure. Cybersecurity has become an increasingly critical concern in recent years.

Cyber Attack Disrupts Istanbul Airport’s Passport Control Systems On July 26, 2013, the passport control systems at Istanbul Ataturk Airport’s international departure terminal faced a significant disruption due to a cyber attack, affecting operations not only at this major facility but also at Sabiha Gokcen International Airport, another key location…

Read More

Cyber Attack Disrupts Passport Control at Istanbul Airport

July 26, 2013

The passport control system at Istanbul Ataturk Airport’s international departure terminal experienced a cyber attack on Friday, impacting operations at another airport in the city. Passengers faced lengthy delays, with many waiting hours as flight departures were postponed due to the system shutdown at both locations. Authorities were able to restore functionality after some time.

Reports indicated that the passport control system at Sabiha Gokcen International Airport was also affected by issues stemming from the Polnet data system managed by the Istanbul provincial security directorate. Preliminary investigations suggest the systems may have been compromised by malware, though authorities are still determining whether any user information was extracted from the affected machines.

As of now, there has been no claim of responsibility for the cyber attack. This incident is part of a worrying trend of malware attacks targeting critical infrastructure. Cybersecurity has become an increasingly critical concern in recent years.

Booking.com Confirms Data Breach After Hackers Access Customer Information

Booking.com is reaching out to its customers following a confirmed data breach in which a third party accessed portions of its reservation data. The company characterizes this incident as a targeted attack impacting an undisclosed number of bookings. In communications to affected customers, the exposed information may consist of names,…

Read MoreBooking.com Confirms Data Breach After Hackers Access Customer Information

Cloudflare Successfully Thwarts Unprecedented 11.5 Tbps DDoS Attack

Cloudflare announced on Tuesday that it effectively mitigated a record-breaking volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). In a recent post on X, the web infrastructure and security provider revealed, “In recent weeks, we’ve autonomously blocked numerous hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bbps and 11.5 Tbps.” The attack, primarily a UDP flood originating from Google Cloud, lasted only about 35 seconds, highlighting the company’s robust defense mechanisms at work. Volumetric DDoS attacks aim to overwhelm a target with excessive traffic, causing server slowdowns or failures, often resulting in network congestion, packet loss, and service disruptions. Typically, these attacks are executed using botnets controlled by threat actors.

Cloudflare Defends Against Unprecedented 11.5 Tbps DDoS Attack On September 3, 2025, Cloudflare announced that it successfully thwarted a staggering volumetric distributed denial-of-service (DDoS) attack, which peaked at an astonishing 11.5 terabits per second (Tbps). The web infrastructure and security firm reported that the attack was part of a series…

Read More

Cloudflare Successfully Thwarts Unprecedented 11.5 Tbps DDoS Attack

Cloudflare announced on Tuesday that it effectively mitigated a record-breaking volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). In a recent post on X, the web infrastructure and security provider revealed, “In recent weeks, we’ve autonomously blocked numerous hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bbps and 11.5 Tbps.” The attack, primarily a UDP flood originating from Google Cloud, lasted only about 35 seconds, highlighting the company’s robust defense mechanisms at work. Volumetric DDoS attacks aim to overwhelm a target with excessive traffic, causing server slowdowns or failures, often resulting in network congestion, packet loss, and service disruptions. Typically, these attacks are executed using botnets controlled by threat actors.