Cloudflare hit by data breach in SalesLoft, Drift supply chain attack

Cloudflare, a leading web infrastructure and security company, has recently been impacted by a significant data breach linked to a supply chain attack involving SalesLoft and Drift. This incident highlights the growing risks associated with third-party software providers and the cascading effects such breaches can have on major tech companies. The attackers exploited vulnerabilities in the supply chain, gaining unauthorized access to sensitive Cloudflare data. This breach underscores the critical need for enhanced security measures and vigilant monitoring of supply chain partners to prevent similar incidents in the future.

The attack on Cloudflare was traced back to compromised systems within SalesLoft and Drift, two prominent sales engagement platforms. By infiltrating these platforms, threat actors were able to leverage their access to Cloudflare's network, demonstrating the interconnected nature of modern cybersecurity threats. The breach has raised concerns about the security practices of third-party vendors and the potential for widespread impact across multiple organizations.

In response to the breach, Cloudflare has initiated comprehensive investigations and is working closely with SalesLoft and Drift to mitigate the damage and strengthen defenses. The company has also advised its customers to remain vigilant and implement recommended security protocols. This incident serves as a stark reminder of the importance of supply chain security and the need for organizations to adopt a proactive approach to managing third-party risks.

As cyber threats continue to evolve, the Cloudflare breach exemplifies the challenges faced by enterprises in safeguarding their digital assets. It calls for a collaborative effort among companies, vendors, and cybersecurity professionals to enhance transparency, improve security standards, and develop resilient strategies against supply chain attacks. Staying informed and prepared is essential to protecting sensitive information and maintaining trust in the digital ecosystem.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 02 Sep 2025 19:55:12 +0000


Cyber News related to Cloudflare hit by data breach in SalesLoft, Drift supply chain attack

Software Supply Chain Security Checklist - In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. Software supply chain security is not just about protecting code - it's about safeguarding the ...
1 year ago Feeds.dzone.com
Cloudflare discloses breach related to stolen Okta data - Last fall, Cloudflare announced it mitigated an attempted cyberattack stemming from the infamous Okta breach. Cloudflare disclosed in a blog post that it had been breached by an unnamed nation-state threat actor using an access token and three ...
1 year ago Techtarget.com
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator - The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator, according to ...
1 year ago Bleepingcomputer.com
Cloudflare Victimized in SalesLoft Data Breach - Cloudflare, a leading internet security and performance company, recently fell victim to a data breach through SalesLoft, a sales engagement platform. The breach exposed sensitive information, highlighting the risks associated with third-party ...
2 months ago Infosecurity-magazine.com
CVE-2025-6087 - A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy ...
4 months ago
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 year ago Aws.amazon.com
Salesloft confirms GitHub breach, Drift also impacted - Salesloft, a leading sales engagement platform, recently confirmed a security breach involving its GitHub repositories. The breach was discovered after suspicious activity was detected, leading to an investigation that revealed unauthorized access to ...
2 months ago Infosecurity-magazine.com
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
2 years ago Csoonline.com
Cloudflare Dashboard and APIs down after data center power outage - An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces customers use to manage and read service configurations. The complete list of services whose ...
1 year ago Bleepingcomputer.com
Zscaler, Palo Alto Networks Breached in SalesLoft, Drift Attacks - Recent cyberattacks have targeted major cybersecurity companies Zscaler and Palo Alto Networks through breaches at SalesLoft and Drift, two prominent sales engagement platforms. These incidents highlight the increasing risk of supply chain attacks ...
2 months ago Darkreading.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
1 year ago Securityboulevard.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
1 year ago Securityzap.com
Cloudflare publishes details of Thanksgiving security breach (The Register) - Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. In a write-up on Thursday, CEO Matthew Prince, CTO John ...
1 year ago Go.theregister.com
Cloudflare mitigates record number of DDoS attacks in 2025 - Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. However, 2025 is looking to be an even bigger problem for online ...
6 months ago Bleepingcomputer.com
How to Arm Yourself With CloudFlare Security Solutions - Securing your website or digital asset is a critical part of running a successful business or website. With the rise of the digital era, the need to protect yourself from cyber-attacks is essential. That's why CloudFlare, the leading cloud solution ...
2 years ago Blog.cloudflare.com
Cloudflare hacked using auth tokens stolen in Okta attack - Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. The threat actor first gained access ...
1 year ago Bleepingcomputer.com
CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force - The Task Force, chaired by CISA's National Risk Management Center and the Information Technology and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from public and private ...
1 year ago Cisa.gov
Ledger Supply Chain Breach: $600,000 Theft Unveiled - Recent events have brought to light the Ledger supply chain breach, a cybercrime incident that led to the theft of $600,000 in virtual assets. For those who don't know, Ledger is a company that develops hardware and software-based cryptocurrency ...
1 year ago Securityboulevard.com
Salesloft Breached After GitHub Account Compromise - Salesloft, a prominent sales engagement platform, recently disclosed a security breach resulting from a compromised GitHub account. The attackers gained unauthorized access to the company's internal systems by exploiting credentials linked to their ...
2 months ago Darkreading.com
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks - In a significant cybersecurity incident, the hacking group ShinyHunters has claimed responsibility for stealing 1.5 billion Salesforce records through breaches involving the company Drift. This massive data breach highlights the increasing risks ...
1 month ago Bleepingcomputer.com
Elastic, SalesLoft, and Drift Confirm Security Incidents Impacting Customer Data - Recently, major tech companies Elastic, SalesLoft, and Drift disclosed security incidents that have raised concerns about customer data protection. These incidents involved unauthorized access to internal systems, potentially exposing sensitive ...
2 months ago Cybersecuritynews.com