All news with #data exfiltration tag

Zimbra XSS Zero-Day Used to Target Brazilian Military

⚠️A stored cross-site scripting vulnerability in the Zimbra Classic Web Client (CVE-2025-27915) was exploited in targeted attacks and has since been patched. The flaw allowed embedded JavaScript in ICS calendar entries to execute via an ontoggle event, enabling attackers to create mail filters, redirect messages, and exfiltrate mailbox data. Zimbra released fixes on January 27, 2025; administrators should apply updates and audit mailbox filters and logs for indicators of compromise.

Salesloft–Drift OAuth Abuse Targets Salesforce Data

⚠️ Unit 42 observed a campaign that abused the Salesloft Drift integration using compromised OAuth credentials to access and exfiltrate data from customer Salesforce instances. The actor performed large-scale extraction of objects including Account, Contact, Case and Opportunity records and scanned harvested data for credentials. Salesloft revoked tokens and notified affected customers; organizations should immediately review logs, rotate exposed credentials and hunt for the provided IoCs.