Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations Salesloft suspended Drift after August 2025 OAuth token theft hit 700+ firms, exposing Salesforce data.

Salesloft pulled the plug on Drift after a massive supply-chain hack.

Hackers stole its OAuth tokens—then used them to breach Salesforce at Cloudflare, Google Workspace, Palo Alto, Zscaler & 700+ orgs. #CyberAttacks #SupplychainsAttacks thehackernews.com/2025/09/sale...

Supply chain attack hits npm package with 45,000 weekly downloads An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system.

An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system. #CyberSecurity #SupplychainsAttacks www.bleepingcomputer.com/news/securit...

Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware Lazarus exploited zero-days in South Korean software, targeting 6 firms with ThreatNeedle and more.

#LazarusGroup strikes South Korea—again.

6 major industries breached via watering hole attacks + zero-days in Cross EX & Innorix Agent.
Malware used: ThreatNeedle & more.
#CyberAlerts #Malware #SupplychainsAttacks
👀 Supply chains are the target.
thehackernews.com/2025/04/laza...