
Cloudflare hit by cyberattack

Incident
Happening score
H score 15
2 unique sources, 2 articles

Summary


Cloudflare disclosed a breach of its Salesforce support system that exposed 104 API tokens and text from customer support cases. The company said attackers accessed its internal case-management instance during August 12-17, after reconnaissance on August 9; Cloudflare then rotated the tokens and alerted customers on September 2. Any data shared through support cases, such as logs, tokens, or passwords, should be treated as compromised, and its exposure raises the risk of follow-on abuse.

Related Happenings

UNC6783 BPO compromise campaign targeting downstream companies

Campaign
First: 09.04.2026 00:46 Last: 09.04.2026 00:46 Sources 1

About this happening: **UNC6783** is an active **BPO compromise campaign** targeting **business process outsourcers** and large enterprises to reach downstream environments for **extortion**. The opera...

OAuth device-code phishing campaign targeting SaaS accounts

Campaign
First: 04.04.2026 17:17 Last: 04.04.2026 17:17 Sources 1

About this happening: A **device code phishing** campaign now includes **EvilTokens**, a **phishing-as-a-service** kit sold on **Telegram** that uses the **OAuth 2.0 device authorization flow** to hija...

Crunchyroll hit by network compromise

Incident
First: 23.03.2026 21:21 Last: 23.03.2026 21:21 Sources 1

About this happening: Crunchyroll is investigating a **breach** that allegedly exposed support systems and user data, putting about **6.8 million** people at risk. The claimed intrusion involved a **su...

Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations

Threat Actor Meta
First: 05.03.2026 08:51 Last: 05.03.2026 08:51 Sources 1

About this happening: **Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....

Latest development: 17.05.2026 17:43

eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.

LexisNexis Legal & Professional data leak after AWS intrusion

Data Leak
First: 03.03.2026 17:40 Last: 03.03.2026 17:40 Sources 1

About this happening: **FulcrumSec** leaked **2GB of files** tied to **LexisNexis Legal & Professional**, exposing customer and business information that could be used for follow-on abuse. The company...

Timeline

  1. 02.09.2025 22:54 2 articles · 8mo ago

    Initial report: Cloudflare hit by cyberattack

    Initial Disclosure

    Attackers conducted reconnaissance on **August 9** and then extracted text from Cloudflare's Salesforce case objects between **August 12 and August 17**. That early access stage enabled theft of support-ticket content and API tokens.
