News

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in ...

Salesloft says Drift customer data thefts linked to March GitHub account hack

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the ...
The Hacker News

GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies

Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed ...

How DevOps tools are opening the gates for high-profile cyberattacks

According to The CISO’s Guide to DevOps Threats, the most targeted industries in 2024 are Technology & Software, Fintech & ...
SecurityWeek

Salesloft GitHub Account Compromised Months Before Salesforce Attack

Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance.
Infosecurity Magazine

Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign

Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account ...
The Hacker News

FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks

The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated ...
CPO Magazine

New Qantas Policy Ties Amount of Executive Bonuses to Data Breach Failures

Qantas has announced a new compensation policy that reduces executive bonuses for the CEO and their team when damaging ...

FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data

The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising ...

Drift massive attack traced back to loose Salesloft GitHub account

Cloudflare last week pinned the attack on a threat group it tracks as GRUB1 that aligns with UNC6395. And it's suspected that ...
Security Boulevard

UNC6395 Hackers Accessed Systems via a GitHub Account, Salesloft Says

Security investigators from Google said UNC6395 hackers spent several months running through Salesloft and Drift systems before launching a data breach campaign that some security researchers say has ...

Chinese malware is flooding GitHub pages - HiddenGh0st, Winos and kkRAT hit devs via SEO poisoning

Chinese users looking to download popular browsers and communications software are being targeted by different malware variants, granting attackers remote access capabilities. This is according to ...