Supply Chain Attack on Drift via OAuth Token Theft

Red Hat confirmed a security incident affecting its consulting business. The Crimson Collective extortion group claims to have breached Red Hat's private GitLab repositories, stealing nearly 570GB of data across 28,000 internal projects. The stolen data allegedly includes 800 Customer Engagement Reports (CERs), which contain sensitive information about customer networks and platforms. The breach occurred approximately two weeks prior to the announcement. The hackers claim to have accessed downstream customer infrastructure using authentication tokens and other private information found in the stolen data. The affected organizations span various sectors, including finance, healthcare, government, and telecommunications. Red Hat has initiated remediation steps and stated that the security issue does not impact its other services or products. The hackers published a complete directory listing of the allegedly stolen GitLab repositories and a list of CERs from 2020 through 2025 on Telegram. The directory listing of CERs includes a wide range of sectors and well-known organizations, such as Bank of America, T-Mobile, AT&T, Fidelity, Kaiser, Mayo Clinic, Walmart, Costco, the U.S. Navy’s Naval Surface Warfare Center, Federal Aviation Administration, the House of Representatives, and many others. The Centre for Cybersecurity Belgium (CCB) has issued an advisory stating there is a high risk to Belgian organizations that use Red Hat Consulting services. The CCB also warns of potential supply chain impact if service providers or IT partners worked with Red Hat Consulting. The CCB advises organizations to rotate all tokens, keys, and credentials shared with Red Hat or used in any Red Hat integrations, and to contact third-party IT providers to assess potential exposure.

Executives at multiple companies received extortion emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems. The campaign began on or before September 29, 2025, and is linked to the Clop ransomware gang. The emails were sent from hundreds of compromised accounts, some previously associated with the FIN11 threat group. The emails contain contact addresses known to be listed on the Clop ransomware gang's data leak site. The extortion emails are part of a "high-volume email campaign" launched from compromised accounts. The campaign began in late September 2025 and is linked to the Clop ransomware gang. The emails were sent from compromised accounts, some previously associated with the FIN11 threat group. The emails contain contact addresses known to be listed on the Clop ransomware gang's data leak site. Mandiant and GTIG are investigating the claims and recommend that organizations receiving these emails investigate their environments for unusual access or compromise in their Oracle E-Business Suite platforms.

WestJet, a major Canadian airline, has confirmed that a cyberattack on June 13, 2025, compromised the personal information of 1.2 million customers. The breach involved the theft of travel documents, including passports and ID documents. The attackers gained access to the network through a Citrix system after resetting an employee's password via social engineering. The breach was attributed to threat actors associated with Scattered Spider, although no official attribution has been made. The compromised data includes full names, dates of birth, mailing addresses, travel documents, requested accommodations, filed complaints, WestJet Rewards Member IDs, and details of WestJet RBC Mastercard information. No credit card or debit card numbers, expiry dates, CVV numbers, or user passwords were compromised. The airline is working with the FBI and has offered a free 2-year identity theft protection and monitoring service to affected customers.

An unofficial npm package named 'postmark-mcp' silently stole users' emails after a malicious update. The package, which mimicked the official 'postmark-mcp' project, added a line of code in version 1.0.16 to exfiltrate email communications to an external address. The malicious version was available for a week and recorded around 1,643 downloads, potentially exposing sensitive information. The package was used to interface AI assistants with the Postmark email delivery platform, allowing them to send emails on behalf of users or apps. The malicious functionality could have exposed personal communications, password reset requests, two-factor authentication codes, financial information, and customer details. Users who downloaded the package are advised to remove it immediately, rotate potentially exposed credentials, and audit all MCP servers in use. The malicious package was deleted by the developer 'phanpak' after being contacted, who maintains 31 other packages on npm. Researchers at Koi Security discovered the malicious package, which contained a single line of code that BCC'd all emails to the threat actor. The risk could be widespread, with some 1,500 organizations potentially downloading the malicious package. The developer removed the malicious package from npm after being contacted by Koi Security.

A critical vulnerability in Salesforce Agentforce, named ForcedLeak, allowed attackers to exfiltrate sensitive CRM data through indirect prompt injection. The flaw affected organizations using Salesforce Agentforce with Web-to-Lead functionality enabled. The vulnerability was discovered and reported by Noma Security on July 28, 2025. Salesforce has since patched the issue and implemented additional security measures, including regaining control of an expired domain and preventing AI agent output from being sent to untrusted domains. The exploit involved manipulating the Description field in Web-to-Lead forms to execute malicious instructions, leading to data leakage. Salesforce has enforced a Trusted URL allowlist to mitigate the risk of similar attacks in the future. The ForcedLeak vulnerability is a critical vulnerability chain with a CVSS score of 9.4, described as a cross-site scripting (XSS) play for the AI era. The exploit involves embedding a malicious prompt in a Web-to-Lead form, which the AI agent processes, leading to data leakage. The attack could potentially lead to the exfiltration of internal communications, business strategy insights, and detailed customer information. Salesforce is addressing the root cause of the vulnerability by implementing more robust layers of defense for their models and agents.