GitHub compromise led to Drift data breach, impacting 22 companies and prompting Salesloft app suspension.
Get the latest international news and world events from around the world.
Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack
A new supply chain attack on GitHub, dubbed ‘GhostAction,’ has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys.
The attack was discovered by GitGuardian researchers, who report that the first signs of compromise on one of the impacted projects, FastUUID, became evident on September 2, 2025.
The attack involved leveraging compromised maintainer accounts to perform commits that added a malicious GitHub Actions workflow file that triggers automatically on ‘push’ or manual dispatch.
Salesloft: March GitHub repo breach led to Salesforce data theft attacks
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August.
Salesloft is a widely used sales engagement platform that helps companies manage outreach and customer communications. Its Drift platform is a conversational marketing tool that integrates chatbots and automation into sales pipelines, including integrations with platforms like Salesforce.
The two have been at the center of a major supply-chain style breach first disclosed in late August, with Google’s Threat Intelligence Group attributing the attacks to UNC6395.
Modeling Electrochemistry with Continuum Non-Equilibrium Thermodynamics
Manuel Landstorfer — Modeling Electrochemistry with Continuum Non-Equilibrium Thermodynamics.
Synthesia’s AI clones are more expressive than ever. Soon they’ll be able to talk back
The uncanny valley is narrowing. Are we ready for what comes next?
