Customer CRM Data Accessed in Supply Chain Incident

LastPass experienced a security incident through Klue, a third-party market intelligence platform integrated with its Salesforce and Gong systems. On June 12, 2026, LastPass was notified that an unauthorized actor exploited stolen OAuth tokens held by Klue to access customer relationship management data within LastPass's Salesforce environment. The exposed information includes customer names, email addresses, phone numbers, physical addresses, support case data, and sales records. Multiple Klue customers were affected by this supply chain attack. LastPass confirmed no Gong data was accessed, and customer vaults, master passwords, and encrypted vault data remain unaffected. The company has terminated Klue access, rotated compromised API tokens, and is cooperating with law enforcement while warning customers about potential phishing attempts using the exposed contact information.

Pulse ID: 6a3ab4c93adb7c2764a5fa23
Pulse Link: https://otx.alienvault.com/pulse/6a3ab4c93adb7c2764a5fa23
Pulse Author: AlienVault
Created: 2026-06-23 16:31:05

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Email #InfoSec #LawEnforcement #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #RCE #SupplyChain #Word #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

🚨 Critical vulnerability in Kids Online Store: RCE via file upload (CVE-2026-40750)

The CVE-2026-40750 vulnerability, rated 9.9/10, allows server takeover in the Kids Online Store shop script. It affects all versions up to 0.8.9 and requires no authentication from the attacker.

https://cyberowi.pl/krytyczna-luka-w-kids-online-store-rce-przez-upload-plikow/

#cve #rce #ecommerce #webshell

#cyberbezpieczenstwo

Detecting the Klue supply chain attack in Salesforce instances

On June 11, 2026, the Icarus threat group compromised Klue's backend systems, a market intelligence platform used by hundreds of enterprises to sync competitive battlecard data with CRM environments. The attackers exploited a dormant credential from an abandoned prototype integration to harvest OAuth tokens for Salesforce and Gong. Through automated API calls using Python scripts, the group exfiltrated CRM data including business contacts, price quotes, and sales communications from multiple customer Salesforce organizations. Klue detected the anomalous activity on June 12 and revoked OAuth credentials on June 13. The attackers subsequently launched an extortion campaign starting June 16, demanding victims contact them via Session Messenger within 48 hours.

Pulse ID: 6a3999371eb0f2f2e3fb7f08
Pulse Link: https://otx.alienvault.com/pulse/6a3999371eb0f2f2e3fb7f08
Pulse Author: AlienVault
Created: 2026-06-22 20:21:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Extortion #InfoSec #OTX #OpenThreatExchange #Python #RAT #RCE #SupplyChain #bot #AlienVault

Inside the FortiBleed Open Directory: A Technical Analysis of What the Attacker Left Behind

An exposed attacker server has unveiled FortiBleed, a large-scale credential-compromise campaign targeting internet-facing Fortinet FortiGate firewalls and SSL VPN gateways globally. This operation involved credential harvesting through reuse, brute force, and hash cracking using a distributed GPU infrastructure with approximately 36 rented GPUs via Hashtopolis. The exposed directory contained 319 files revealing scanning tools, cracking infrastructure, credential databases, post-exploitation toolkits, and active VPN configurations. While initially reported as affecting 21,632 domains, analysis of the attacker's own tooling reveals only 918 organizations showed evidence of internal network compromise, with merely 148 confirmed cases where credentials were fully cracked. The operation ultimately aimed to sell initial access to compromised networks, with victims spanning 194 countries, predominantly India, United States, and Taiwan.

Pulse ID: 6a358eb86925d602f0cf5600
Pulse Link: https://otx.alienvault.com/pulse/6a358eb86925d602f0cf5600
Pulse Author: AlienVault
Created: 2026-06-19 18:47:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BruteForce #CredentialHarvesting #CyberSecurity #India #InfoSec #OTX #OpenThreatExchange #RAT #RCE #SSL #UnitedStates #VPN #bot #AlienVault

CVE-2026-56382: HIGH severity RCE in Craft CMS (5.5.0 – 5.9.13). Authenticated admins can inject code via FieldsController, leaking sensitive env vars. Patch now by upgrading to 5.9.14+. https://radar.offseq.com/threat/cve-2026-56382-improper-control-of-generation-of-c-a60c46eab20e347b #OffSeq #CraftCMS #RCE #Vuln

Imminent Weather Alert in Tamil Nadu

https://peer.adalta.social/w/tS6oqqM67d96ZBMS82qwtS

Tamil Nadu Braces for Heavy Rain Onslaught

https://peer.adalta.social/w/7ez6rzogCS9iLFS2LPvvTX

Tamil Nadu Under Rain Pressure

The Latent Conflict Between Meloni and Trump

https://peer.adalta.social/w/46K9pbzCG2KUsq9c1wRxsu