Industry Category

Marketing/Advertising/Sales

Breach intelligence, attack campaigns, and threat reports targeting the Marketing/Advertising/Sales sector.

113 threat reports

Marketing/Advertising/Sales Threat Reports

Critical Vulnerability in Popular Chrome Extension Puts Millions at Risk
Impact: MEDIUM

In June 2026, security researchers discovered that the popular Chrome extension 'Adblock for YouTube' (ID: cmedhionkhpnakcndndgjdbohmhepckk), with over 11 million installs, contained a dormant capability to execute arbitrary JavaScript code on any website. This vulnerability could be activated remotely by a server-side configuration change, potentially allowing attackers to read user data, steal sensitive information, and perform actions on behalf of the user across various web applications. The extension's permissions and architecture facilitated this exploit without requiring an update or user intervention, posing a significant security risk to its extensive user base. This incident underscores the growing threat posed by malicious or compromised browser extensions, especially those with large user bases and extensive permissions. As browser ecosystems evolve, the potential for such extensions to be weaponized increases, highlighting the need for rigorous security assessments, continuous monitoring, and user education to mitigate risks associated with third-party extensions.

14 hours ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (high), Exfiltration (high), Impact (medium)

LastPass Data Breach via Klue Supply Chain Attack in 2026
Impact: MEDIUM

In June 2026, LastPass experienced a data breach resulting from a supply chain attack on Klue, a third-party market intelligence platform integrated with LastPass's Salesforce environment. Attackers exploited compromised OAuth tokens obtained from Klue to access LastPass customer data, including names, phone numbers, email addresses, physical addresses, support case information, and sales-related data. Importantly, LastPass's core products, services, and customer vaults remained unaffected. ([blog.lastpass.com](https://blog.lastpass.com/posts/klue-supply-chain-incident-and-lastpass-response?utm_source=openai)) This incident underscores the escalating risks associated with third-party integrations and supply chain vulnerabilities. Organizations must reassess their security postures, particularly concerning external partnerships, to mitigate potential threats arising from interconnected systems.

2 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (low), Lateral Movement (low), Command & Control (low), Exfiltration (high), Impact (high)

ShapedPlugin WordPress Pro Plugins Compromised in Supply Chain Attack
Impact: CRITICAL

In June 2026, ShapedPlugin, a developer of premium WordPress plugins, experienced a supply chain attack where attackers compromised the company's update infrastructure. This breach led to the distribution of backdoored versions of several plugins, including Product Slider Pro for WooCommerce, Real Testimonials Pro, and Smart Post Show Pro. The malicious code, activated upon administrator access to the WordPress dashboard, connected to a command-and-control server to download additional payloads, resulting in unauthorized access and data exfiltration. ([thaicert.or.th](https://www.thaicert.or.th/en/2026/06/19/supply-chain-attack-through-shapedplugin-update-system-impacts-wordpress-websites/?utm_source=openai)) This incident underscores the growing threat of supply chain attacks targeting trusted software vendors. It highlights the critical need for organizations to implement robust security measures, including regular code audits and monitoring of update channels, to prevent similar compromises.

3 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (low), Command & Control (high), Exfiltration (high), Impact (high)

OXLOADER Exploits Google Ads to Distribute CastleStealer Malware
Impact: HIGH

In June 2026, cybersecurity researchers identified a new malware loader named OXLOADER, which is being used to distribute the CastleStealer infostealer. The campaign begins with malicious Google Ads that redirect users searching for 'lts version of node.js' to a counterfeit website. This site delivers a batch script hosted on Storj, which, when executed, downloads and runs OXLOADER. OXLOADER employs advanced obfuscation techniques and anti-analysis measures to evade detection, ultimately deploying CastleStealer to exfiltrate sensitive information from infected systems. This incident underscores the evolving tactics of threat actors who exploit legitimate services like Google Ads and Storj to distribute malware. The sophisticated obfuscation and anti-analysis methods used by OXLOADER highlight the increasing complexity of malware designed to bypass traditional security measures, posing significant challenges for detection and mitigation.

3 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (low), Command & Control (medium), Exfiltration (medium), Impact (medium)

Critical Vulnerability in Gravity SMTP Plugin Exposes API Keys
Impact: HIGH

In June 2026, a significant security vulnerability (CVE-2026-4020) was discovered in the Gravity SMTP WordPress plugin, affecting approximately 100,000 websites. This flaw allowed unauthenticated attackers to access sensitive information, including API keys and configuration data, through an improperly secured REST API endpoint. Exploitation of this vulnerability enabled threat actors to harvest credentials and gain insights into the site's software stack, potentially facilitating further attacks. The incident underscores the critical importance of promptly updating plugins and securing REST API endpoints to prevent unauthorized data exposure. It also highlights the need for website administrators to regularly audit and monitor their systems for vulnerabilities to mitigate the risk of exploitation.

5 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (low), Exfiltration (low), Impact (low)

Klue OAuth Breach 2026: Lessons in Third-Party Integration Security
Impact: HIGH

In June 2026, Klue, a market intelligence platform, experienced a security breach where attackers exploited a compromised legacy credential to access Klue's integration infrastructure. This allowed them to steal OAuth tokens used to connect Klue with third-party platforms, notably Salesforce. Utilizing these tokens, the attackers accessed and exfiltrated data from multiple customer Salesforce environments. The incident was publicly claimed by the 'Icarus' extortion group, which pressured affected organizations to contact them to prevent the leaking of stolen data. This breach underscores the critical vulnerabilities associated with third-party integrations and the OAuth protocol. It highlights the necessity for organizations to rigorously monitor and manage third-party access, regularly audit integration credentials, and implement robust security measures to prevent unauthorized access through supply chain vectors.

6 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (high), Command & Control (medium), Exfiltration (high), Impact (medium)

Critical Vulnerability in Gravity SMTP Plugin: CVE-2026-4020 Exploited
Impact: MEDIUM

In June 2026, an unauthenticated information disclosure vulnerability (CVE-2026-4020) was discovered in the Gravity SMTP WordPress plugin, affecting versions up to 2.1.4. This flaw exposed sensitive data, including API keys, email service credentials, and system configuration details, to unauthenticated users via an improperly secured REST API endpoint. Exploitation of this vulnerability could lead to unauthorized access and control over affected websites. The incident underscores the critical importance of promptly updating plugins and implementing robust security measures to protect against emerging threats. Organizations must remain vigilant, as attackers continue to exploit such vulnerabilities to gain unauthorized access and compromise sensitive information.

6 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)

Salesforce Disables Klue App Integration Following OAuth Token Abuse Incident
Impact: HIGH

In June 2026, Salesforce detected unauthorized access to customer data through the Klue Battlecards app integration. Threat actors exploited OAuth tokens associated with the app to gain access to sensitive information within Salesforce instances. Upon discovery, Salesforce promptly disabled the Klue app integration to prevent further data exposure and initiated a comprehensive investigation into the breach. This incident underscores the escalating threat posed by OAuth token abuse, a technique increasingly leveraged by cybercriminals to bypass traditional authentication mechanisms. Organizations must remain vigilant and implement robust security measures to safeguard against such sophisticated attacks.

6 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (high), Impact (high)

ShapedPlugin Supply Chain Attack: A Wake-Up Call for WordPress Security
Impact: HIGH

In May 2026, ShapedPlugin, a WordPress plugin vendor, experienced a supply chain attack where malicious code was injected into their update system. This breach affected three paid plugins—Product Slider Pro, Real Testimonials Pro, and Smart Post Show Pro—leading to the installation of fake plugins that impersonated WooCommerce components. These malicious plugins stole credentials and granted attackers remote file-writing capabilities. The compromise was identified in June 2026, prompting ShapedPlugin to initiate an investigation and release updated, secure versions of the affected plugins. This incident underscores the growing trend of supply chain attacks targeting software vendors to distribute malware through legitimate update channels. It highlights the critical need for robust security measures in software development and distribution processes to prevent such breaches.

1 week ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (high), Exfiltration (high), Impact (medium)

Klue OAuth Breach 2026: A Wake-Up Call for Third-Party Integration Security
Impact: HIGH

In June 2026, market intelligence platform Klue experienced a security breach where attackers, identified as the 'Icarus' group, exploited OAuth tokens to access and exfiltrate Salesforce CRM data from multiple organizations. The attackers infiltrated Klue's backend systems, deployed malicious code to harvest OAuth tokens, and utilized these tokens to query and extract sensitive data from connected Salesforce instances. This incident led to significant data theft and subsequent extortion attempts targeting the affected organizations. This breach underscores the critical vulnerabilities associated with third-party integrations and the exploitation of OAuth tokens. It highlights the necessity for organizations to implement stringent security measures, including regular audits of third-party applications, prompt revocation of compromised tokens, and continuous monitoring of API activities to detect and mitigate unauthorized access promptly.

1 week ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (high), Command & Control (high), Exfiltration (high), Impact (high)

Salesforce Data Breach via Klue App Compromise
Impact: HIGH

In June 2026, threat actors exploited OAuth tokens from Klue's Battlecards app to access Salesforce instances, leading to unauthorized data exfiltration. This incident mirrors previous breaches involving third-party integrations like Salesloft's Drift and Gainsight, highlighting the persistent risks associated with SaaS application connections. The attackers authenticated through a compromised Klue integration service account, generating OAuth tokens that granted access to customers' integrated Salesforce environments. The exfiltration process involved automated scripts querying the Salesforce REST API over a 24-hour period, with some instances experiencing concentrated bursts of nearly a thousand queries in 15 minutes. This breach underscores the critical need for organizations to scrutinize third-party integrations and enforce stringent security measures to protect sensitive data. The recurrence of such attacks emphasizes the importance of continuous monitoring and the implementation of robust security protocols to mitigate risks associated with third-party applications.

1 week ago

Kill Chain: Initial Compromise (medium), Privilege Escalation (high), Lateral Movement (high), Command & Control (high), Exfiltration (high), Impact (high)

OptinMonster WordPress Plugin Hacked in CDN Supply-Chain Attack
Impact: HIGH

In June 2026, a supply-chain attack targeted WordPress plugins OptinMonster, TrustPulse, and PushEngage, all managed by Awesome Motive. Attackers exploited a vulnerability in the UpdraftPlus plugin to access Awesome Motive's marketing server, obtaining credentials for their content delivery network (CDN). They then injected malicious JavaScript into CDN-hosted files, which, when loaded by websites using these plugins, created rogue administrator accounts and installed backdoor plugins, granting full control over the compromised sites. This incident underscores the critical need for robust security measures in third-party integrations and highlights the growing trend of supply-chain attacks targeting widely-used software components.

1 week ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (high), Command & Control (high), Exfiltration (high), Impact (high)