Klue hit by network compromise

Incident
H score 38
1 unique sources, 1 articles

Summary

The Klue backend compromise and OAuth token theft enabled unauthorized access to connected Salesforce environments and triggered an ongoing extortion response. Attackers used a malicious code update in the Battlecards integration path to steal customer tokens. The stolen credentials were then used to query Salesforce data across multiple affected organizations.

Related Happenings

Icarus Salesforce data-theft extortion campaign

Campaign
H score 42 First: 18.06.2026 17:19 Last: 18.06.2026 17:19 Sources 1

How related: Market intelligence platform Klue suffered an OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign.

About this happening: The **Icarus** extortion campaign is actively stealing **Salesforce CRM data** from **multiple organizations**, expanding pressure on victims and showing a repeatable cloud-app ab...

Major U.S. services company hit by ransomware attack linked to DragonForce

Incident
H score 38 First: 16.06.2026 13:18 Last: 16.06.2026 13:18 Sources 1

About this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...

BlackFile vishing extortion campaign targeting retail and hospitality organizations

Campaign
H score 37 First: 24.04.2026 21:26 Last: 24.04.2026 21:26 Sources 1

About this happening: The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...

Over a dozen companies' data exposed after SaaS integration provider Snowflake breach

Data Leak
H score 69 First: 07.04.2026 22:39 Last: 07.04.2026 22:39 Sources 1

About this happening: A stolen-token attack from a **SaaS integration provider breach** has led to data theft claims affecting **over a dozen companies**, creating immediate exposure and extortion risk...

Custom vishing campaign stealing Okta SSO credentials

Campaign
H score 44 First: 22.01.2026 23:43 Last: 22.01.2026 23:43 Sources 1

About this happening: A **custom vishing campaign** is actively stealing **Okta SSO credentials** through live, adversary-in-the-middle phishing pages, creating immediate risk of account takeover and d...

Timeline

  1. 18.06.2026 17:19 2 articles · 2h ago

    Klue OAuth breach lets Icarus steal Salesforce CRM data

    Initial Disclosure

    Klue suffered an OAuth breach that enabled Icarus to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. ReliaQuest and Huntress said attackers used stolen OAuth tokens and automated Python scripts against Salesforce APIs, while Salesforce disabled the Klue Battlecards integration during the investigation. Huntress said the stolen data included business contacts, sales communications, price quotes, competitive intelligence reports, and account data.