Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

apono

Beyond the Drift Breach: Securing Non-Human Identities with Zero Standing Privileges

Sep 5, 2025 By Gabriel Avner In Apono
The Drift OAuth breach didn’t just expose one SaaS vendor — it exposed a systemic blind spot: the sprawling, ungoverned world of Non-Human Identities. In case you missed it, in August 2025, attackers from UNC6395 exploited compromised OAuth tokens from Salesloft’s Drift integration—an AI chat tool—to access and exfiltrate data from Salesforce, including credentials like AWS keys and Snowflake tokens.
Read Post
upguard

Salesloft Drift Breach: What Happened and How Does It Affect Me?

Sep 4, 2025 By Edward Kost In UpGuard
A widespread supply chain attack has impacted hundreds of organizations through the marketing software-as-a-service (SaaS) product, Drift, owned by Salesloft. The campaign, attributed to a threat group tracked by Google as UNC6395, is believed to have occurred between August 8 and August 18, 2025. The attackers used stolen OAuth and refresh tokens associated with Drift's AI chat agent to access the systems of impacted companies.
Read Post
idstrong

What You Need to Know about the TransUnion Data Breach

Sep 4, 2025 By IDStrong In IDStrong
Initially established in 1968, TransUnion was set up as a holding company for the Union Tank Car organization. It entered the credit reporting industry in 1969, following an acquisition of the Cook County Credit Bureau. Over time, TransUnion developed from solely credit reporting to information and insights on a global scale. The official mission of the company is to help people globally access capital and services, thereby emphasizing its role as a consumer advocate.
Read Post
nightfall

The Cloudflare Breach: Why Supply Chain Security Can't Be an Afterthought in 2025

Sep 4, 2025 By Anant Mahajan In Nightfall
The cybersecurity industry woke up to yet another supply chain nightmare this week. Cloudflare, one of the world's largest web infrastructure companies, confirmed that attackers accessed 104 of their API tokens through the cascading Salesloft Drift breach. This incident perfectly illustrates why modern organizations need to rethink their approach to third-party vendor security.
Read Post
cyberark

Salesloft Drift incident overview and CyberArk's response

Sep 3, 2025 By Dor Liniado In CyberArk
It was recently reported that Salesloft’s Drift application was breached, allowing unauthorized access to its customers’ Salesforce data and affecting hundreds of organizations, including CyberArk. Upon learning of this incident, we quickly deployed threat containment measures, including terminating our Salesforce–Drift connection; disabling the Drift application and revoking all related user credentials; and rotating all Salesforce integration credentials.
Read Post
foresiet

Zscaler Breach Unpacked: Hype vs. Hard Evidence - Who Really Did It?

Sep 2, 2025 By Foresiet In Foresiet
The recent Zscaler breach has sparked significant attention in the cybersecurity community not just because of its impact, but also because of the complexity of the attack and the multiple claims of responsibility surrounding it. Here’s a breakdown of what happened, who’s claiming involvement, and what we can learn from the incident. This was not a direct hack of Zscaler’s core systems. Instead, it was a supply chain attack that exploited a third-party integration.
Read Post
Biggest Data Breaches In History, And What We Have Learned From Them

Biggest Data Breaches In History, And What We Have Learned From Them

Sep 1, 2025 By SecuritySenses In SecuritySenses
Basically, hackers do not hack. They infiltrate systems. They explore vulnerabilities. They examine data flows, searching for weaknesses to exploit. And then they log in. Almost, we could romanticize them. A hopeless romantic who is reading Dostoievski for lunch would surely do that. But regardless, that is light-years away from the objective of our article. To begin, we would like to highlight the alarming prevalence of data breaches, which persist despite the relentless advancements in technology, advancements that one might assume would mitigate such threats. In 2024 alone, over 5.5 billion records were compromised globally.
Read Post
fidelis security

How Advanced DLP Accelerates Data Breach Recovery and Reduces Regulatory Risk

Aug 29, 2025 By Fidelis Security In Fidelis Security
Data breach recovery has become a top priority for organizations in today’s digital world. Organizations must protect sensitive information that flows through networks, cloud environments, and endpoint devices. Data breaches, insider threats, and accidental leaks expose organizations to financial losses, compliance violations, and damage to their reputation.
Read Post

Did you know that 75% of all data breaches involve a human element?

Aug 29, 2025 By UpGuard In UpGuard
Every year, security budgets overlook the single biggest risk every organization faces: people. Technology and policies can’t stop a single bad click, but our new User Risk product gives security teams the visibility necessary to neutralize harmful activity before attackers can act. Purpose-built for today’s AI-driven threat landscape, User Risk finally gives teams a way to close the human gap in cybersecurity.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.