Tag GitHub

Compromise of GitHub Account Triggers Salesloft Drift Breach Affecting 22 Companies

Sep 08, 2025
Supply Chain Attack / API Security

Salesloft has announced that the breach associated with its Drift application originated from a compromised GitHub account. An investigation by Google-owned Mandiant revealed that the threat actor, identified as UNC6395, accessed the Salesloft GitHub account over a span of three months, from March to June 2025. The method of access to the GitHub account remains unknown. Currently, 22 companies have reported being impacted by this supply chain breach. According to Salesloft’s advisory, the attackers leveraged this access to download content from various repositories, add a guest user, and establish workflows. The investigation also revealed that reconnaissance activities were taking place within the Salesloft and Drift application environments during the same time frame. However, it noted that there is no indication of any actions beyond these limited reconnaissance efforts. In the subsequent phase, the attackers gained access to Drift’s Amazon Web Services (AWS)…

GitHub Account Compromise Leads to Data Breach at Salesloft, Impacting 22 Companies In a development that underscores the vulnerabilities in software supply chains, Salesloft has disclosed that a significant data breach associated with its Drift application originated from the compromise of its GitHub account. This incident was investigated by Mandiant,…

Read More

Compromise of GitHub Account Triggers Salesloft Drift Breach Affecting 22 Companies

Sep 08, 2025
Supply Chain Attack / API Security

Salesloft has announced that the breach associated with its Drift application originated from a compromised GitHub account. An investigation by Google-owned Mandiant revealed that the threat actor, identified as UNC6395, accessed the Salesloft GitHub account over a span of three months, from March to June 2025. The method of access to the GitHub account remains unknown. Currently, 22 companies have reported being impacted by this supply chain breach. According to Salesloft’s advisory, the attackers leveraged this access to download content from various repositories, add a guest user, and establish workflows. The investigation also revealed that reconnaissance activities were taking place within the Salesloft and Drift application environments during the same time frame. However, it noted that there is no indication of any actions beyond these limited reconnaissance efforts. In the subsequent phase, the attackers gained access to Drift’s Amazon Web Services (AWS)…

Email Scam Broadly Targets GitHub Developers Using Dimnie Trojan

Open source developers utilizing GitHub have been alerted to a phishing email campaign aimed at infecting their systems with a sophisticated malware trojan known as Dimnie. This malicious software is designed to perform reconnaissance and espionage, enabling attackers to steal login credentials, download confidential files, capture screenshots, log keystrokes on…

Read MoreEmail Scam Broadly Targets GitHub Developers Using Dimnie Trojan

Why Claude Code Security is Disrupting the Cybersecurity Market

Application Security, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development How Claude’s New AI Code Scanning Tool Will Challenge Application Security Leaders Michael Novinson (MichaelNovinson) • February 23, 2026 The launch of Claude Code Security has positioned Anthropic in direct competition with leading cybersecurity firms, drawing significant attention…

Read MoreWhy Claude Code Security is Disrupting the Cybersecurity Market

AI-Generated Malware Takes Advantage of React2Shell for Small Gains

Artificial Intelligence & Machine Learning, Cybercrime, Fraud Management & Cybercrime AI-Driven Malware Targets React2Shell Vulnerability, Compromising 91 Hosts Rashmi Ramesh (rashmiramesh_) • February 11, 2026 Image: Shutterstock Recent research has identified artificial intelligence-generated malware leveraging the React2Shell vulnerability, allowing malicious actors to craft exploits without requiring coding expertise. This operation…

Read MoreAI-Generated Malware Takes Advantage of React2Shell for Small Gains

Record-Breaking DDoS Attack (1.35 Tbps) Strikes GitHub Website

On February 28, 2018, GitHub’s widely used code hosting service experienced a monumental distributed denial-of-service (DDoS) attack, peaking at an unprecedented 1.35 terabits per second (Tbps). This incident marks a significant milestone in the realm of cybersecurity, illustrating both the evolving nature of attack methods and the vulnerabilities that persist…

Read MoreRecord-Breaking DDoS Attack (1.35 Tbps) Strikes GitHub Website

Record-Breaking 1.7 Tbps DDoS Attack: Memcached UDP Reflections Lead the Charge

Record-Breaking DDoS Attack Reaches 1.7 Tbps In a striking demonstration of escalating cyber threats, a staggering 1.7 Tbps distributed denial-of-service (DDoS) attack has recently been recorded, setting a new benchmark just four days after a previous record of 1.35 Tbps attacked GitHub. The incident underscores the urgent need for heightened…

Read MoreRecord-Breaking 1.7 Tbps DDoS Attack: Memcached UDP Reflections Lead the Charge

Release of Memcached DDoS Exploit Code Alongside 17,000 Vulnerable Servers List

Recently, two proofs-of-concept (PoC) for exploit codes targeting Memcached amplification attacks have emerged online, enabling even those with minimal technical expertise to carry out significant DDoS attacks through UDP reflection methods. The first tool, developed in C, utilizes a pre-compiled list of nearly 17,000 potentially vulnerable Memcached servers publicly accessible…

Read MoreRelease of Memcached DDoS Exploit Code Alongside 17,000 Vulnerable Servers List