The Breach News

⚡ Weekly Update: Drift Breach Unveiled, Active Zero-Days, Patch Alerts, Evolving Threats & More

 
Sep 08, 2025
Cybersecurity / Hacking News

Cybersecurity constantly evolves, with each week bringing fresh threats, vulnerabilities, and crucial lessons for defenders. For security and IT teams, the challenge lies in discerning which risks demand immediate attention. This digest aims to provide a straightforward briefing to help prioritize what matters most.

This week, the notable story is the Salesloft–Drift breach, where attackers compromised OAuth tokens, gaining access to Salesforce data from major tech companies. This incident underscores how fragile integrations can become critical vulnerabilities in enterprise defenses.

Additionally, we’ll discuss several high-risk CVEs currently under active exploitation, the latest strategies of advanced threat actors, and new insights on streamlining security workflows for greater efficiency. Each section delivers essential information, ensuring you stay informed and prepared without being overwhelmed.

Threat of the Week
Salesloft to Take Drift of…

Weekly Cybersecurity Update: Major Data Breach at Salesloft Linked to Drift, Ongoing Threats, and Rising Cyber Intelligence September 08, 2025 Cybersecurity / Hacking News The landscape of cybersecurity remains in constant flux, with each week bringing fresh challenges, vulnerabilities, and essential takeaways for security professionals. For IT departments, navigating these…

Read More

⚡ Weekly Update: Drift Breach Unveiled, Active Zero-Days, Patch Alerts, Evolving Threats & More

 
Sep 08, 2025
Cybersecurity / Hacking News

Cybersecurity constantly evolves, with each week bringing fresh threats, vulnerabilities, and crucial lessons for defenders. For security and IT teams, the challenge lies in discerning which risks demand immediate attention. This digest aims to provide a straightforward briefing to help prioritize what matters most.

This week, the notable story is the Salesloft–Drift breach, where attackers compromised OAuth tokens, gaining access to Salesforce data from major tech companies. This incident underscores how fragile integrations can become critical vulnerabilities in enterprise defenses.

Additionally, we’ll discuss several high-risk CVEs currently under active exploitation, the latest strategies of advanced threat actors, and new insights on streamlining security workflows for greater efficiency. Each section delivers essential information, ensuring you stay informed and prepared without being overwhelmed.

Threat of the Week
Salesloft to Take Drift of…

Cisco Issues Patches for Three Critical Vulnerabilities in IOS XE Software

On September 24, 2021, Cisco Systems announced the release of patches to address three critical security vulnerabilities in its IOS XE network operating system. These flaws could allow remote attackers to execute arbitrary code with administrative privileges and potentially trigger a denial-of-service (DoS) condition on affected devices. The identified vulnerabilities are as follows:

  • CVE-2021-34770 (CVSS score: 10.0) – Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
  • CVE-2021-34727 (CVSS score: 9.8) – Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
  • CVE-2021-1619 (CVSS score: 9.8) – Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

The most critical issue, CVE-2021-34770, is described by Cisco as a “logic error” occurring during the processing of CAPWAP (Control and Provisioning of Wireless Access Points) packets, which allows a central wireless controller to manage access points.

Cisco Issues Critical Security Patches for IOS XE Software Vulnerabilities On September 24, 2021, Cisco Systems announced the release of critical patches addressing three significant security vulnerabilities within its IOS XE network operating system. These vulnerabilities could allow remote attackers to execute arbitrary code with administrative privileges and potentially initiate…

Read More

Cisco Issues Patches for Three Critical Vulnerabilities in IOS XE Software

On September 24, 2021, Cisco Systems announced the release of patches to address three critical security vulnerabilities in its IOS XE network operating system. These flaws could allow remote attackers to execute arbitrary code with administrative privileges and potentially trigger a denial-of-service (DoS) condition on affected devices. The identified vulnerabilities are as follows:

  • CVE-2021-34770 (CVSS score: 10.0) – Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
  • CVE-2021-34727 (CVSS score: 9.8) – Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
  • CVE-2021-1619 (CVSS score: 9.8) – Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

The most critical issue, CVE-2021-34770, is described by Cisco as a “logic error” occurring during the processing of CAPWAP (Control and Provisioning of Wireless Access Points) packets, which allows a central wireless controller to manage access points.

Israeli Traffic Control System Hacked, Leading to Major Jam on Haifa Highway

Oct 28, 2013

Israel, recognized as a leader in cybersecurity, remains a prime target for hostile governments seeking to undermine its technological advancements. Recently, cybersecurity experts reported a significant cyberattack on a key roadway in northern Haifa, resulting in severe traffic congestion. Military officials are vigilant about the potential impact of large-scale cyber threats on the nation’s infrastructure. According to Ofir Ben Avi, head of the government’s website division, Israeli government websites face thousands of cyberattacks daily. Additionally, the Israel Electric Corporation noted an alarming rate of approximately 6,000 unique cyber attacks per second on its servers. In June, Prime Minister Benjamin Netanyahu highlighted that Iranian militia, Hezbollah, and Hamas have consistently targeted Israel.

Israeli Road Control System Compromised, Leading to Major Traffic Disruptions on Haifa Highway October 28, 2013 In a striking incident underscoring the vulnerabilities inherent in even the most robust cyber infrastructures, Israel’s national road control system was hacked, resulting in significant traffic jams on the Haifa Highway. This disruption serves…

Read More

Israeli Traffic Control System Hacked, Leading to Major Jam on Haifa Highway

Oct 28, 2013

Israel, recognized as a leader in cybersecurity, remains a prime target for hostile governments seeking to undermine its technological advancements. Recently, cybersecurity experts reported a significant cyberattack on a key roadway in northern Haifa, resulting in severe traffic congestion. Military officials are vigilant about the potential impact of large-scale cyber threats on the nation’s infrastructure. According to Ofir Ben Avi, head of the government’s website division, Israeli government websites face thousands of cyberattacks daily. Additionally, the Israel Electric Corporation noted an alarming rate of approximately 6,000 unique cyber attacks per second on its servers. In June, Prime Minister Benjamin Netanyahu highlighted that Iranian militia, Hezbollah, and Hamas have consistently targeted Israel.

ShinyHunters Alleges Snowflake Breach at Rockstar Games Using Anodot

Rockstar Games Faces Potential Data Leak Threat from ShinyHunters Group Rockstar Games has recently been thrust into the headlines not due to ongoing discussions surrounding the much-anticipated Grand Theft Auto VI, but because the ShinyHunters hacking group has claimed to infiltrate the company’s Snowflake environment. The group alleges that a…

Read MoreShinyHunters Alleges Snowflake Breach at Rockstar Games Using Anodot

Compromise of GitHub Account Triggers Salesloft Drift Breach Affecting 22 Companies

Sep 08, 2025
Supply Chain Attack / API Security

Salesloft has announced that the breach associated with its Drift application originated from a compromised GitHub account. An investigation by Google-owned Mandiant revealed that the threat actor, identified as UNC6395, accessed the Salesloft GitHub account over a span of three months, from March to June 2025. The method of access to the GitHub account remains unknown. Currently, 22 companies have reported being impacted by this supply chain breach. According to Salesloft’s advisory, the attackers leveraged this access to download content from various repositories, add a guest user, and establish workflows. The investigation also revealed that reconnaissance activities were taking place within the Salesloft and Drift application environments during the same time frame. However, it noted that there is no indication of any actions beyond these limited reconnaissance efforts. In the subsequent phase, the attackers gained access to Drift’s Amazon Web Services (AWS)…

GitHub Account Compromise Leads to Data Breach at Salesloft, Impacting 22 Companies In a development that underscores the vulnerabilities in software supply chains, Salesloft has disclosed that a significant data breach associated with its Drift application originated from the compromise of its GitHub account. This incident was investigated by Mandiant,…

Read More

Compromise of GitHub Account Triggers Salesloft Drift Breach Affecting 22 Companies

Sep 08, 2025
Supply Chain Attack / API Security

Salesloft has announced that the breach associated with its Drift application originated from a compromised GitHub account. An investigation by Google-owned Mandiant revealed that the threat actor, identified as UNC6395, accessed the Salesloft GitHub account over a span of three months, from March to June 2025. The method of access to the GitHub account remains unknown. Currently, 22 companies have reported being impacted by this supply chain breach. According to Salesloft’s advisory, the attackers leveraged this access to download content from various repositories, add a guest user, and establish workflows. The investigation also revealed that reconnaissance activities were taking place within the Salesloft and Drift application environments during the same time frame. However, it noted that there is no indication of any actions beyond these limited reconnaissance efforts. In the subsequent phase, the attackers gained access to Drift’s Amazon Web Services (AWS)…

SonicWall Releases Critical Patches for Vulnerability in SMA 100 Series Devices

On September 25, 2021, SonicWall, a network security firm, addressed a serious security vulnerability identified in its Secure Mobile Access (SMA) 100 series appliances. This flaw allows remote, unauthorized attackers to gain administrative access to the affected devices. Designated as CVE-2021-20034, the issue involves arbitrary file deletion and has a critical CVSS score of 9.1 out of 10. Exploiting this vulnerability could enable an adversary to bypass path traversal checks, leading to deletion of files and a reset of the device to factory settings. SonicWall indicated that the vulnerability stems from inadequate file path restrictions, potentially allowing arbitrary file deletions. Fortunately, the company noted that there are currently no signs of exploitation in the wild. SonicWall also acknowledged Wenxu Yin of Alpha Lab, Qihoo 360, for reporting this security concern, which affects the SMA 100 Series, including models like SMA 200 and SMA 210.

SonicWall Responds to Critical Security Flaw in SMA 100 Series Devices On September 25, 2021, SonicWall, a prominent player in the network security landscape, announced that it has issued patches addressing a significant security vulnerability affecting its Secure Mobile Access (SMA) 100 series devices. This flaw, identified as CVE-2021-20034, allows…

Read More

SonicWall Releases Critical Patches for Vulnerability in SMA 100 Series Devices

On September 25, 2021, SonicWall, a network security firm, addressed a serious security vulnerability identified in its Secure Mobile Access (SMA) 100 series appliances. This flaw allows remote, unauthorized attackers to gain administrative access to the affected devices. Designated as CVE-2021-20034, the issue involves arbitrary file deletion and has a critical CVSS score of 9.1 out of 10. Exploiting this vulnerability could enable an adversary to bypass path traversal checks, leading to deletion of files and a reset of the device to factory settings. SonicWall indicated that the vulnerability stems from inadequate file path restrictions, potentially allowing arbitrary file deletions. Fortunately, the company noted that there are currently no signs of exploitation in the wild. SonicWall also acknowledged Wenxu Yin of Alpha Lab, Qihoo 360, for reporting this security concern, which affects the SMA 100 Series, including models like SMA 200 and SMA 210.

British Minister’s Son Charged in Hacking of US Army and NASA Systems

On October 30, 2013, 28-year-old Lauri Love, the son of a British Baptist minister, faced charges for allegedly hacking into the computer systems of the US Army, NASA, and other federal agencies. Arrested at his home in Stradishall, England by the National Crime Agency, Love, along with unnamed co-conspirators, is accused of breaching thousands of computer systems from October 2012 to October 2013. The indictment does not claim that Love sought financial gain from the information accessed. His father, Alexander Love, 60, serves as a chaplain at HMP Highpoint North, while his mother, Sirkka-Liisa Love, 59, is a teacher at the same facility. Love stands charged with unauthorized access to a U.S. government computer and conspiracy to disrupt federal operations, reportedly leading to the theft of data belonging to over 5,000 individuals.

British Baptist Minister’s Son Charged with Hacking U.S. Military and NASA Systems Published October 30, 2013 A 28-year-old British man, Lauri Love, has been charged with unauthorized access to computer systems belonging to the U.S. Army, NASA, and other federal agencies. The arrest took place on Friday at Love’s residence…

Read More

British Minister’s Son Charged in Hacking of US Army and NASA Systems

On October 30, 2013, 28-year-old Lauri Love, the son of a British Baptist minister, faced charges for allegedly hacking into the computer systems of the US Army, NASA, and other federal agencies. Arrested at his home in Stradishall, England by the National Crime Agency, Love, along with unnamed co-conspirators, is accused of breaching thousands of computer systems from October 2012 to October 2013. The indictment does not claim that Love sought financial gain from the information accessed. His father, Alexander Love, 60, serves as a chaplain at HMP Highpoint North, while his mother, Sirkka-Liisa Love, 59, is a teacher at the same facility. Love stands charged with unauthorized access to a U.S. government computer and conspiracy to disrupt federal operations, reportedly leading to the theft of data belonging to over 5,000 individuals.

Anthropic’s Mythos Will Spark a Cybersecurity Reckoning—But Not How You Expect

Anthropic Launches Claude Mythos Preview: A New Development in Cybersecurity Risks This week, Anthropic unveiled its Claude Mythos Preview model, heralded as a significant milestone in the evolution of cybersecurity. The company asserts that this new technology poses an unprecedented existential threat to current software defense mechanisms, sparking debates about…

Read MoreAnthropic’s Mythos Will Spark a Cybersecurity Reckoning—But Not How You Expect

How Top CISOs Secure Budget Approval

As budget season approaches, security often faces scrutiny and can become a lower priority. If you’re a CISO or security leader, you probably find yourself justifying the need for your programs, tools, or additional team members, emphasizing that the next security breach is just one oversight away. However, these arguments can falter unless articulated in a way that resonates with the board. According to Gartner, 88% of boards view cybersecurity as a business risk rather than just an IT concern, yet many security leaders still face challenges in elevating the importance of cybersecurity within their organizations. To make security issues resonate with the board, it’s crucial to communicate in terms of business continuity, compliance, and financial implications. Here are a few strategies to help you reframe the conversation, simplifying the technical complexities into clear business objectives.

Acknowledge the Serious Risks

Cyber threats are continually evolving, ranging from ransomware to supply chain attacks, and…

How Leading CISOs Secure Budget Approval for Cybersecurity Initiatives As budget season approaches, cybersecurity often becomes a focal point of scrutiny. For Chief Information Security Officers (CISOs) and security leaders, articulating the significance of their programs, essential tools, and necessary personnel can feel challenging, especially when the conversation strays into…

Read More

How Top CISOs Secure Budget Approval

As budget season approaches, security often faces scrutiny and can become a lower priority. If you’re a CISO or security leader, you probably find yourself justifying the need for your programs, tools, or additional team members, emphasizing that the next security breach is just one oversight away. However, these arguments can falter unless articulated in a way that resonates with the board. According to Gartner, 88% of boards view cybersecurity as a business risk rather than just an IT concern, yet many security leaders still face challenges in elevating the importance of cybersecurity within their organizations. To make security issues resonate with the board, it’s crucial to communicate in terms of business continuity, compliance, and financial implications. Here are a few strategies to help you reframe the conversation, simplifying the technical complexities into clear business objectives.

Acknowledge the Serious Risks

Cyber threats are continually evolving, ranging from ransomware to supply chain attacks, and…