Cybersecurity firm Tenable has confirmed it was a victim of a major supply chain attack that compromised customer data. The breach originated from a third-party vendor, Salesloft Drift, and has impacted more than 700 organisations.
Western Sydney University reveals a staggering $53 million cost to manage a series of cyber attacks allegedly carried out by a former student. The breach exposed the data of 10,000 students, including passports, visas, and financial details, prompting a major response and police action.
Microsoft 365 remains healthcare’s weakest security link, with breaches rising from 43% in 2024 to 52% in mid-2025. Patient data exposure, soaring costs, and AI-driven cyberattacks in Australia highlight urgent gaps. Policymakers face mounting pressure to safeguard data sovereignty.
Cybersecurity firm Tenable has confirmed it was a victim of a major supply chain attack that compromised customer data. The breach originated from a third-party vendor, Salesloft Drift, and has impacted more than 700 organisations.
Cyber News Centre's cyber update for 10th September 2025: Tenable has confirmed it was a victim of a major supply chain attack that compromised customer data. The breach originated from a third-party vendor, Salesloft Drift, and has impacted more than 700 organisations.
Tenable is a publicly traded cybersecurity company that provides vulnerability management solutions. Its products are used by organisations to identify and manage their cybersecurity risks.
The Update: Cybersecurity firm Tenable has confirmed it was among hundreds of organisations affected by a supply chain style data theft campaign involving Salesforce and the Salesloft Drift integration. Attackers are believed to have gained access to Salesloft’s GitHub account between March and June 2025 and later used stolen OAuth tokens from Drift to extract data between August 8 and August 18. The campaign, attributed to the group known as UNC6395, targeted Salesforce environments and harvested sensitive credentials such as AWS keys, passwords and Snowflake tokens.
Google’s Threat Intelligence Group has estimated that more than 700 organisations may have been impacted. For Tenable, the exposure was limited to case subject lines, initial case descriptions and basic business contact information stored in Salesforce. The company stressed that its products and the data within them were not affected. In response, Tenable revoked and rotated credentials, disabled the Drift integration and further hardened its systems.
Why It Matters: The Tenable incident highlights how attackers are increasingly exploiting third party integrations to infiltrate trusted platforms. The campaign shows how a single compromise in the software supply chain can cascade across hundreds of organisations, including major security vendors.
The breach underscores the importance of closely monitoring third party connections, enforcing strict credential management and adopting layered defences that extend beyond internal systems. Even cybersecurity firms can become victims, demonstrating the sophistication of today’s threat actors and the ongoing need for vigilance in managing external dependencies.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Western Sydney University reveals a staggering $53 million cost to manage a series of cyber attacks allegedly carried out by a former student. The breach exposed the data of 10,000 students, including passports, visas, and financial details, prompting a major response and police action.
Canadian fintech firm Wealthsimple has disclosed a data breach affecting 30,000 clients after a third-party vendor was compromised. The incident exposed sensitive personal information, including Social Insurance Numbers, prompting an immediate response and enhanced security measures.
Australian businesses face a 1,265% surge in AI-powered phishing attacks. Cybercriminals use deepfakes, adaptive malware, and hyper-personalised scams while employees inadvertently leak data through AI tools. Expert insights reveal dual threats and essential protection strategies.
Tire giant Bridgestone has confirmed a cyberattack that disrupted manufacturing across its North American facilities. The company is investigating the incident but believes it was contained early, with no customer data compromised. Production has been impacted at multiple plants.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
