555win cung cấp cho bạn một cách thuận tiện, an toàn và đáng tin cậy [xổ số thứ 6 hàng tuần]
1 day ago · A threat group Google tracks as UNC6395 systematically stole large amounts of data from Salesforce customer instances by using OAuth tokens stolen from Salesloft Drift, researchers said.
10 hours ago · On August 20, 2025, in collaboration with Salesforce, Salesloft revoked all active access and refresh tokens for the Drift application. Salesforce also removed the Drift app from the AppExchange pending further investigation.
1 day ago · In accordance with Salesloft, risk actors obtained Drift OAuth and refresh tokens used for its Salesforce integration, and used them to conduct a Salesforce information theft marketing campaign between August 8 and August 18, 2025.
10 hours ago · Beginning as early as August 8, 2025, UNC6395 leveraged valid access and refresh tokens associated with the Salesloft Drift app to connect as an authenticated connected app user, executing large-scale SOQL queries to export records from key Salesforce objects, including Accounts, Opportunities, Users, and Cases.
1 day ago · A threat actor that Google tracks as UNC6395 targeted Salesforce instances using compromised OAuth tokens that were associated with the customer engagement vendor Salesloft’s Drift AI chat agent. Researchers believe the hackers’ primary goal was to harvest credentials, as they stole large amounts of data from numerous Salesforce instances.
Mar 30, 2025 · Drift/Salesforce Security Notification Today, we detected a security issue in the Drift application. Out of an abundance of caution, we have proactively revoked connections between Drift and Salesforce, and we are asking Drift admins to re-authenticate their Salesforce connection. In order to re-authenticate Salesforce in Drift:
10 hours ago · Is your Salesforce environment integrated with third-party apps like Salesloft Drift? If so, your organization could be at risk of the same SaaS breach techniques used by advanced threat actors like UNC6395. In early August, UNC6395 (an assessed Chinese threat actor) leveraged compromised OAuth ...
Bài viết được đề xuất: