CyberSecurityBoard
Sponsor Register Login

Cloudflare hit by data breach in SalesLoft, Drift supply chain attack

Cloudflare, a leading web infrastructure and security company, has recently been impacted by a significant data breach linked to a supply chain attack involving SalesLoft and Drift. This incident highlights the growing risks associated with third-party software providers and the cascading effects such breaches can have on major tech companies. The attackers exploited vulnerabilities in the supply chain, gaining unauthorized access to sensitive Cloudflare data. This breach underscores the critical need for enhanced security measures and vigilant monitoring of supply chain partners to prevent similar incidents in the future. The attack on Cloudflare was traced back to compromised systems within SalesLoft and Drift, two prominent sales engagement platforms. By infiltrating these platforms, threat actors were able to leverage their access to Cloudflare's network, demonstrating the interconnected nature of modern cybersecurity threats. The breach has raised concerns about the security practices of third-party vendors and the potential for widespread impact across multiple organizations. In response to the breach, Cloudflare has initiated comprehensive investigations and is working closely with SalesLoft and Drift to mitigate the damage and strengthen defenses. The company has also advised its customers to remain vigilant and implement recommended security protocols. This incident serves as a stark reminder of the importance of supply chain security and the need for organizations to adopt a proactive approach to managing third-party risks. As cyber threats continue to evolve, the Cloudflare breach exemplifies the challenges faced by enterprises in safeguarding their digital assets. It calls for a collaborative effort among companies, vendors, and cybersecurity professionals to enhance transparency, improve security standards, and develop resilient strategies against supply chain attacks. Staying informed and prepared is essential to protecting sensitive information and maintaining trust in the digital ecosystem.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 02 Sep 2025 19:55:12 +0000


Cyber News related to Cloudflare hit by data breach in SalesLoft, Drift supply chain attack

Cloudflare hit by data breach in SalesLoft, Drift supply chain attack - Cloudflare, a leading web infrastructure and security company, has recently been impacted by a significant data breach linked to a supply chain attack involving SalesLoft and Drift. This incident highlights the growing risks associated with ...
11 hours ago Bleepingcomputer.com
Software Supply Chain Security Checklist - In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. Software supply chain security is not just about protecting code - it's about safeguarding the ...
1 year ago Feeds.dzone.com
Cloudflare discloses breach related to stolen Okta data - Last fall, Cloudflare announced it mitigated an attempted cyberattack stemming from the infamous Okta breach. Cloudflare disclosed in a blog post that it had been breached by an unnamed nation-state threat actor using an access token and three ...
1 year ago Techtarget.com
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator - The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator, according to ...
1 year ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
11 months ago Aws.amazon.com
CVE-2025-6087 - A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy ...
2 months ago
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
2 years ago Csoonline.com
Zscaler, Palo Alto Networks Breached in SalesLoft, Drift Attacks - Recent cyberattacks have targeted major cybersecurity companies Zscaler and Palo Alto Networks through breaches at SalesLoft and Drift, two prominent sales engagement platforms. These incidents highlight the increasing risk of supply chain attacks ...
13 hours ago Darkreading.com
Cloudflare Dashboard and APIs down after data center power outage - An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces customers use to manage and read service configurations. The complete list of services whose ...
1 year ago Bleepingcomputer.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
1 year ago Securityboulevard.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
1 year ago Securityzap.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Cloudflare publishes details of Thanksgiving security breach The Register - Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. In a write-up on Thursday, CEO Matthew Prince, CTO John ...
1 year ago Go.theregister.com
Cloudflare mitigates record number of DDoS attacks in 2025 - Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. However, 2025 is looking to be an even bigger problem for online ...
4 months ago Bleepingcomputer.com
CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force - The Task Force, chaired by CISA's National Risk Management Center and the Information Technology and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from public and private ...
1 year ago Cisa.gov
Ledger Supply Chain Breach: $600,000 Theft Unveiled - Recent events have brought to light the Ledger supply chain breach, a cybercrime incident that led to the theft of $600,000 in virtual assets. For those who don't know, Ledger is a company that develops hardware and software-based cryptocurrency ...
1 year ago Securityboulevard.com
How to Arm Yourself With CloudFlare Security Solutions - Securing your website or digital asset is a critical part of running a successful business or website. With the rise of the digital era, the need to protect yourself from cyber-attacks is essential. That's why CloudFlare, the leading cloud solution ...
2 years ago Blog.cloudflare.com
Cloudflare hacked using auth tokens stolen in Okta attack - Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. The threat actor first gained access ...
1 year ago Bleepingcomputer.com
The Ongoing Fallout From a Breach at AI Chatbot Maker Salesloft | Krebs on Security - In September 2025, Salesloft, a prominent AI chatbot maker, suffered a significant data breach that has since led to ongoing fallout affecting its operations and customers. The breach exposed sensitive information, raising concerns about the security ...
1 day ago Krebsonsecurity.com
UK, ROK sound alarm over North Korean supply chain attacks The Register - The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. "In an increasingly digital and interconnected ...
1 year ago Theregister.com Lazarus Group
Securing the Supply Chain - Before a supply chain can be improved, it must be understood. Rather than attacking one target, it is more effective to manipulate the supply chain to gain access to multiple targets. The 2013 Target breach was an example of a supply chain attack, as ...
2 years ago Securityweek.com
Supply Chain Cybersecurity - CISO Risk Management Guide - As regulatory scrutiny intensifies and cyber threats grow more sophisticated, CISOs must adopt a proactive, strategic approach to supply chain cybersecurity risk management, making it a boardroom priority and an integral part of organizational ...
4 months ago Cybersecuritynews.com
SCS 9001 2.0 reveals enhanced controls for global supply chains - In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing the NIST and other government guidelines and frameworks. ...
1 year ago Helpnetsecurity.com
Zscaler data breach exposes customer info after SalesLoft, Drift compromise - Zscaler, a leading cloud security company, recently disclosed a data breach impacting its customers following compromises at SalesLoft and Drift, two prominent sales engagement platforms. The attackers exploited vulnerabilities in these third-party ...
1 day ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)