Simply Cyber Newsletter #146

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

Cloudflare and Palo Alto Networks Victimized in Salesloft Drift Breach. Cloudflare and Palo Alto Networks disclosed that threat actors accessed their Salesforce data through the compromised Salesloft Drift app. Customer contact details, case data, and even API tokens were exposed. This incident underscores the need to review third party integrations, rotate secrets, and tighten case management workflows.

What you need to know: Educate your end users about why they should be cautious about sharing information, even when it seems safe. Recently, attackers targeted a third-party chat app that connects to a company's support system. When customers used chat to get help, attackers could steal details from conversations, including contact information and, in some cases, sensitive items like passwords or keys.

That stolen data can fuel convincing phishing attempts. You might receive an email saying, "I've been assigned to your account and wanted to introduce myself." It may feel real enough to trick you if it mentions a tool you use or a past support issue. This incident is a reminder: never share passwords, private keys, or other confidential information in chat or support tickets. Always use your company's approved secure methods and official contacts for sensitive data. Every time you keep sensitive data out of a chat or ticket, you protect not only your account but also reduce the burden on governance and response teams.

FOR PEERS

The impact of the Salesloft Drift breach on Cloudflare and our customers. The Salesloft Drift breach exposed Salesforce data from more than 700 organizations. Cloudflare confirmed that attackers accessed customer case details and API tokens. Their rapid response shows the importance of auditing integrations, rotating credentials, and ensuring sensitive data is not stored in third-party support systems.

What you need to know: Share this story with your peers and discuss what your organization is doing to strengthen governance and incident response for third-party integrations. Cloudflare’s disclosure shows how attackers used a Drift connection to access Salesforce case data, exposing customer contacts, support details, and 104 API tokens. This highlights a core GRC gap: vendor risk programs don’t prevent sensitive data from being dropped into free-text fields. Guardrails and audits must ensure that confidential information isn’t stored in places never meant for it.

The incident also underscores how governance failures become incident response challenges. Attackers moved through reconnaissance, enumeration, and API exfiltration with speed. Could your teams detect that activity in SaaS apps? Could you disable a compromised vendor account before the data leaves your tenant? Use this breach as a tabletop test to measure readiness and close the gaps, because when response is strained the responsibility moves higher.

FOR EXECUTIVES

More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach. Cybersecurity firms Proofpoint, SpyCloud, Tanium, and Tenable were breached via a third-party app integration with Salesforce. The attack, affecting over 700 organizations, highlights how a single compromised integration can lead to a supply chain attack, exposing sensitive data like business contact information and credentials.

What you need to know: The Salesforce–Salesloft Drift incident shows that a breach at a vendor can expose your customer relationships without anyone touching your core systems. Attackers now hold intelligence that can be reused for phishing, credential misuse, and business email compromise. For more than 700 companies, the financial and reputational risk is just beginning.

The lesson for leadership is not simply to ask if vendors are compliant. It is required to prove that partners can withstand and recover from attacks. That means verified controls, independent audits, and a transparent process for disengagement when a vendor fails. The measure of trust in your supply chain is not policy on paper but resilience demonstrated under pressure. Executives should ensure that vendor oversight and incident planning are board-level priorities. The damage from lost trust will be measured in customer retention, market confidence, and long-term resilience.

SIMPLY CYBER MEDIA GROUP PODCASTS

Visit https://www.youtube.com/@SimplyCyber/podcasts to catch up on all of the podcasts available on Simply Cyber Media Group!

SIMPLY CYBER FIRESIDES

This Thursday at 4:30 PM EDT on Simply Cyber

🔥 Simply Cyber Firesides returns with host Gerald Auger, Ph.D. and a very special guest — Jessica Hyde, founder of Hexordia and one of the most respected voices in Digital Forensics and Incident Response (DFIR).

Jessica has joined the show before, and by popular demand she’s back to continue the conversation on DFIR careers and the ever-evolving landscape of cybersecurity jobs.

With a career spanning the Department of Defense, Intelligence Community, commercial forensics, and leadership roles in the private sector, she brings a wealth of knowledge to anyone looking to build or advance a career in this space.

As the founder of Hexordia, Adjunct Professor at George Mason University, veteran of the United States Marine Corps, and former Director of Forensics at Magnet Forensics, Jessica’s journey showcases the diverse opportunities in DFIR.

She also actively serves the community through roles with DFIR Review, High Tech Crime International Association, Cyber Sleuths Lab, and more.

This Fireside Chat dives into:

• The realities of working in Digital Forensics and Incident Response

• How to break into DFIR and stand out in a competitive job market

• Insights from Jessica’s extensive government, academic, and private sector experience

Join us live, ask your questions, and get inspired by one of the leading voices in DFIR.

See you in live chat! https://youtube.com/live/EmAv6mkgBBk

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

🚨 This Week in Cybersecurity Streams (Sept 8–13, 2025)

Stay sharp and plugged in with Simply Cyber Media Group! Here’s what’s streaming live this week:

Monday, Sept 8: 📰 Daily Cyber Threat Brief – 8:00 AM EDT 🎤 Jaw Jackin’ AMA – 9:00 AM EDT 🛡️ Simply Defensive Podcast – 9:30 AM EDT

Tuesday, Sept 9: 📰 Daily Cyber Threat Brief – 8:00 AM EDT 🎤 Jaw Jackin’ AMA – 9:00 AM EDT

Wednesday, Sept 10: 📰 Daily Cyber Threat Brief – 8:00 AM EDT 🎤 Jaw Jackin’ AMA – 9:00 AM EDT ⚙️ Simply ICS Cyber Podcast – 9:30 AM EDT

Thursday, Sept 11: 📰 Daily Cyber Threat Brief – 8:00 AM EDT 🎤 Jaw Jackin’ AMA – 9:00 AM EDT 🤝 Cyber Mentors Podcast – 9:30 AM EDT 🔥 Simply Cyber Firesides Live – 4:30 PM EDT

Friday, Sept 12: 📰 Daily Cyber Threat Brief – 8:00 AM EDT 🎤 Jaw Jackin’ AMA Panel – 9:00 AM EDT

Saturday, Sept 13: 🎓 Slay Security+ with @SlaySecurityPlus (YouTube) – 4:00 PM EDT 💬 Discord Events (Mon–Fri) Pre-Show Jaw Jackin’ – 7:30 AM EDT

👉 Don’t miss a stream! Join the community at simplycyber.io/learn & simplycyber.io/discord

#cybersecurity #threatIntel #TeamSC

SIMPLY CYBER CON 2025

When: Sunday, Nov. 2nd & Monday, Nov. 3rd

We’re excited to share Simply Cyber Con is back for the third year in a row!

Registration is now available! Head over to the website to learn more about conference registration and training day options.

Don’t miss the opportunity to attend onsite training in-person with the amazing instructors on Nov. 2nd!

Interested in sponsoring? Review the sponsor packet. It’s going to be the best Simply Cyber Con yet, don’t miss out on this chance to sponsor and share your business with #TeamSC!

Stay tuned for updates! #simplycybercon

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below. Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Thank you and see you again next week, #TeamSC!

Gerry