Instructure has confirmed that a criminal threat actor accessed Canvas user information and messages, while ShinyHunters claims a far larger education-sector data haul affecting millions of students, teachers, and institutions worldwide.
Trellix says attackers gained unauthorised access to part of its source code repository, but has found no evidence that its release pipeline was affected or that code was exploited.
10th September 2025 Cyber Update: Tenable Confirms Data Breach in Widespread Supply Chain Attack
Cybersecurity firm Tenable has confirmed it was a victim of a major supply chain attack that compromised customer data. The breach originated from a third-party vendor, Salesloft Drift, and has impacted more than 700 organisations.
Cyber News Centre's cyber update for 10th September 2025: Tenable has confirmed it was a victim of a major supply chain attack that compromised customer data. The breach originated from a third-party vendor, Salesloft Drift, and has impacted more than 700 organisations.
Tenable Confirms Data Breach
Tenable is a publicly traded cybersecurity company that provides vulnerability management solutions. Its products are used by organisations to identify and manage their cybersecurity risks.
The Update and Why It Matters
The Update: Cybersecurity firm Tenable has confirmed it was among hundreds of organisations affected by a supply chain style data theft campaign involving Salesforce and the Salesloft Drift integration. Attackers are believed to have gained access to Salesloft’s GitHub account between March and June 2025 and later used stolen OAuth tokens from Drift to extract data between August 8 and August 18. The campaign, attributed to the group known as UNC6395, targeted Salesforce environments and harvested sensitive credentials such as AWS keys, passwords and Snowflake tokens.
Google’s Threat Intelligence Group has estimated that more than 700 organisations may have been impacted. For Tenable, the exposure was limited to case subject lines, initial case descriptions and basic business contact information stored in Salesforce. The company stressed that its products and the data within them were not affected. In response, Tenable revoked and rotated credentials, disabled the Drift integration and further hardened its systems.
Why It Matters: The Tenable incident highlights how attackers are increasingly exploiting third party integrations to infiltrate trusted platforms. The campaign shows how a single compromise in the software supply chain can cascade across hundreds of organisations, including major security vendors.
The breach underscores the importance of closely monitoring third party connections, enforcing strict credential management and adopting layered defences that extend beyond internal systems. Even cybersecurity firms can become victims, demonstrating the sophistication of today’s threat actors and the ongoing need for vigilance in managing external dependencies.
Get the stories that matter to you. Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Sign up for Cyber News Centre
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead.
Instructure has confirmed that a criminal threat actor accessed Canvas user information and messages, while ShinyHunters claims a far larger education-sector data haul affecting millions of students, teachers, and institutions worldwide.
Trellix says attackers gained unauthorised access to part of its source code repository, but has found no evidence that its release pipeline was affected or that code was exploited.
The UK’s 2025/2026 Cyber Security Breaches Survey shows 43% of businesses and 28% of charities reported a cyber incident in the past year. The headline is not just persistence; it is operational exposure. Phishing remains the dominant route in, education is absorbing heavier pressure, and supplier-r
SAP npm packages poisoned with credential-stealing malware in "Mini Shai-Hulud" attack. Malicious preinstall hooks harvest GitHub tokens, cloud keys and CI/CD secrets. Attackers weaponise AI agent configs for persistence, turning Claude and VS Code settings into execution paths.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
