At a glance.
- Salesloft Drift breach affects all third-party integrations.
- FBI says Salt Typhoon targeted more than 80 countries.
- Cyberattack disrupts Nevada state government services.
- Citrix patches critical NetScaler zero-day.
- TransUnion breach affects 4.4 million customers.
- Farmers Insurance discloses third-party breach.
Salesloft Drift breach affects all third-party integrations.
Researchers at Google warn that an attack campaign tied to Salesloft Drift, a third-party AI chat app, was much broader than initially believed. The company said on Tuesday that hundreds of Salesforce instances were breached via their integration with Salesloft, stating, "Using a single token stolen from Salesloft, the threat actor was able to access tokens for any Drift-linked organization. The threat actor then used the Salesforce tokens to directly access that data and exfiltrate it to servers, where they looked for plaintext credentials, including Amazon, Snowflake, and other passwords."
Google's Threat Intelligence Group said in an update on Thursday, "Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations. We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised."
The researchers added, "On August 28, 2025, our investigation confirmed that the actor also compromised OAuth tokens for the 'Drift Email' integration. On August 9, 2025, a threat actor used these tokens to access email from a very small number of Google Workspace accounts. The only accounts that were potentially accessed were those that had been specifically configured to integrate with Salesloft; the actor would not have been able to access any other accounts on a customer's Workspace domain."
FBI says Salt Typhoon targeted more than 80 countries.
The Wall Street Journal reports that the Chinese cyberespionage campaign known as "Salt Typhoon" targeted approximately 600 organizations across more than 80 countries. Brett Leatherman, the FBI's Deputy Assistant Director for Cyber Operations, told the Journal that the campaign was "broader and more indiscriminate than previously understood, and beyond what countries usually understand to be espionage." The FBI believes the hackers obtained more than a million call records and specifically targeted the phone calls and text messages of around 100 Americans.
The threat actors also compromised telecommunication providers in other countries, with varying degrees of access. Leatherman added, "If you are able to exfiltrate similar information globally you can start to aggregate that data and start to understand a much different intelligence picture than what you would get if you just targeted and compromised one country."
Cyberattack disrupts Nevada state government services.
A cyberattack on Sunday morning disrupted Nevada state websites and phone lines, the Record reports. Nevada governor Joe Lombardo said in a statement that the government is "using temporary routing and operational workarounds to maintain public access where it is feasible." State officials disclosed that some personal information was stolen during the attack, although the nature of the data hasn't been disclosed, the Nevada Independent reports.
As of yesterday, the state's website was still down. Emergency services remain available.
Citrix patches critical NetScaler zero-day.
Citrix yesterday issued patches for three vulnerabilities in NetScaler ADC and NetScaler Gateway, including an actively exploited zero-day that can lead to remote code execution, BleepingComputer reports. The zero-day (CVE-2025-7775) is a memory overflow vulnerability that can lead to remote code execution. The flaw was assigned a CVSS score of 9.2.
TransUnion breach affects 4.4 million customers.
US-based consumer credit reporting giant TransUnion has disclosed a breach affecting personal information belonging to more than 4.4 million customers, TechCrunch reports. The company said no credit information was breached, but didn't share what type of personal information was affected. The firm is notifying affected customers.
BleepingComputer reports that the breach was the latest in a wave of social engineering attacks targeting organizations' Salesforce instances. The ShinyHunters extortion group has claimed responsibility for these attacks. BleepingComputer also obtained an alleged sample of the stolen data, which contained "names, billing addresses, phone numbers, email addresses, dates of birth, and unredacted Social Security Numbers of TransUnion customers."
Farmers Insurance discloses third-party breach.
California-based Farmers Insurance has disclosed a breach affecting more than 1 million customers, SecurityWeek reports. Farmers New World Life Insurance and its parent company, Farmers Group, each filed breach notifications with the Maine Attorney General’s Office. The company said a third-party vendor discovered unauthorized access to a database containing Farmers' customer information on May 30th. The insurance firm says the database contained customers' "names, addresses, dates of birth, driver’s license numbers, and the last four digits of Social Security numbers."
