Risky Bulletin: Klue breach impacts security firms
In other news: Hacker breaches Brazil's national alert system; North Korean hackers are behind the Mastra supply chain attack; new unfixable exploit in Apple's A12/A13 chips.
This newsletter is brought to you by Trail of Bits. You can subscribe to an audio version of this newsletter as a podcast by searching for "Risky Business" in your podcatcher or subscribing via this RSS feed. You can also add the Risky Business newsletter as a Preferred Source to your Google search results by going here.
At least five security firms have had their Salesforce business accounts pilfered as part of a hacking spree that was traced back to business intelligence platform Klue.
The Klue breach took place last week, the company admitted in a blog post.
Hackers accessed its platform via "a compromised legacy credential associated with an integration service" and then stole OAuth tokens that customers had used to connect Klue to other third-party services, such as Salesforce.
After stealing the tokens, the hackers began connecting to the customers' Salesforce accounts and downloading their data, which triggered alerts at Huntress and ReliaQuest, both of which began investigating and later notified Klue about it.
Eight companies have confirmed Klue-related breaches so far. Known victims include:
- Security firm Huntress
- Security firm ReliaQuest
- Security firm Recorded Future
- Security firm Jamf
- Security firm Tanium
- Analytics service Sprout Social
- B2B sales analytics service Gong
- Insurance software provider Insurity
Klue says it's now working with CrowdStrike to investigate the incident further. What is certain right now is that the victim list is likely to grow in the coming weeks as Klue notifies other customers.
The company has moved to evict the intruders and cut off their access by revoking credentials, tokens, and active integrations.
Besides Salesforce, Klue has other integrations for HubSpot, Zoom, Google Drive, and other services, but Salesforce is typically where the sensitive financial and PII details are stored, so it's no mystery why the hackers went after that integration first.
A new hacking group calling itself Icarus has taken credit for the hack via an entry on its dark web leak site over the weekend. Not much is known about the group so far.
Icarus is trying to extort Klue and has also warned Klue's customers that if the platform doesn't wanna pay, they should reach out to the group themselves to avoid having their stolen data leaked. Lovely!
The incident has all the hallmarks of a classic ShinyHunters campaign, like their original attacks on Salesforce, Salesloft Drift, and Gainsight, so don't be surprised if this is a fake persona or an offshoot/collaborator who left the group and is running their own thing.

Risky Business Podcasts
The main Risky Business podcast is now on YouTube with video versions of our recent episodes. Below is our latest weekly show with Pat, Adam, and James at the helm!
Breaches, hacks, and security incidents
Hacker breaches Brazil's national alert system: The Brazilian government has taken down its national emergency alert system after a hack on Friday. The hacker sent an extreme-level alert across five regions, including major cities like São Paulo and Rio de Janeiro and the capital, Brasília. The message contained only the word "misantropia"—Portuguese for misanthropy, the hatred and mistrust of humankind. [O Globo // Defesa Civil Nacional]

🚨 EXTREME ALERT | Brazilians receive fake audible alert on their phones; Civil Defense denies sending it
— Metrópoles (@Metropoles) June 20, 2026
The messages arrived on phones in Curitiba and Brasília with the word "misantropia" pic.twitter.com/CE3VjkSVAM
Okendo Reviews supply chain incident: A threat actor has compromised a popular product review widget integrated on more than 18,000 online stores and brands. The attacker injected JavaScript code that prompted users with a ClickFix attack, luring them into copy-pasting malicious commands into their system terminal. The Okendo Reviews team restored the widget to a safe version on May 14 when they were notified of the incident. Security firm Zscaler linked the incident to a threat actor tracked as SmartApeSG, known for campaigns deploying infostealers and remote access trojans. [Zscaler]
Gizmodo hosts ClickFix: A ClickFix lure has been spotted on Gizmodo's homepage, a domain listed in the Tranco 2000.
MEV bot hacked for $7.5m: Hackers have stolen $7.5 million from JaredFromSubway.eth, one of the largest MEV bots on the Ethereum blockchain. The hackers allegedly set up contracts preparing the exploit weeks ahead of the attack. The exploit involved setting up fake market opportunities and then draining funds from the bot instead. The incident garnered praise in the cryptocurrency community because JaredFromSubway is a notorious malicious MEV bot, known for sandwich attacks on regular crypto owners. [CoinDesk]

General tech and privacy
Mastodon now supports newsletters: The Mastodon platform will now let selected power users run newsletters on the platform and send selected toots as an email newsletter to subscribed users. [Mastodon]

PyPI traffic explosion: PyPI has seen a traffic explosion of almost 20% from March to May, from 136.7 billion downloads to 163.8 billion, mainly driven by AI and ML packages, as well as the rise of LLM orchestration and agent frameworks. [ClickPy]
Codeberg struggling with performance: Codeberg, a platform that provides free hosting to open-source projects, says it has been having performance issues for the past few weeks due to massive abuse. Wanna bet it's AI crawlers? [Codeberg]
Android dev verification scheduled for next year: Google will enable its new developer verification system starting next year. All Android apps installed from the Play Store and six other app stores will need to come from a verified developer account. Apps without a developer verification will have to be sideloaded. The new dev verification requirement will be enabled in Brazil, Indonesia, Singapore, and Thailand in October for a trial run before going global next year. [Android Developers Blog]

EA has an ad division now: After being acquired by a Saudi and Trump-backed investment fund, EA is establishing an ad division to insert paid advertising in its games and help pay back some of that $55 billion acquisition price. [EA]
Kansas City to deploy facial recognition in buses: Kansas City, Missouri, will roll out facial recognition software for security cameras installed in public buses. [Associated Press]
Anthropic introduces age verification: AI company Anthropic will start verifying the age of Claude users starting next month. Some customers will have to provide a scan of a government ID and an image or recording of their face. The verification process will be handled by Persona, the same company that Discord had to ditch after intense user pushback. The new changes enter into effect on July 8. [Anthropic // Biometric Update]
Linux removes strncpy: The Linux Kernel team has removed the strncpy API from the kernel code. The API will be fully removed in version 7.2. The strncpy function copies a bounded number of bytes of a string from one buffer to another and has long been a source of security bugs. [Phoronix // Linux kernel]
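As an added illustration (not code from the kernel or from the linked articles) of why strncpy has been such a reliable source of bugs: when the source string is as long as or longer than the destination buffer, strncpy fills the buffer completely and never writes a NUL terminator, so any later strlen/printf on that buffer reads past its end. The safe_copy function below is a hand-written stand-in for the always-terminate, report-truncation contract that replacements like strscpy follow; its exact return values are this example's own convention, not the kernel's.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into a dst of size n with strncpy and report whether the
 * result is NUL-terminated. strncpy pads with NULs when src is shorter
 * than n, but writes no terminator at all when strlen(src) >= n. */
int strncpy_terminated(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Bounded copy that always leaves dst NUL-terminated.
 * Returns the number of characters copied, or -1 if src had to be
 * truncated (or n is 0), so callers can detect and handle the loss. */
long safe_copy(char *dst, size_t n, const char *src)
{
    size_t len = strlen(src);
    if (n == 0)
        return -1;
    if (len >= n) {
        memcpy(dst, src, n - 1);   /* keep only what fits... */
        dst[n - 1] = '\0';         /* ...and terminate regardless */
        return -1;
    }
    memcpy(dst, src, len + 1);     /* fits, including the terminator */
    return (long)len;
}

int main(void)
{
    char buf[8];   /* room for 7 characters plus the terminator */

    /* Constructed inputs: one that fits, one that exactly fills the buffer. */
    const char *fits = "short";
    const char *fills = "exactly8";

    printf("strncpy \"%s\": terminated=%d\n", fits,
           strncpy_terminated(buf, sizeof buf, fits));
    printf("strncpy \"%s\": terminated=%d  <- reading buf now overruns\n",
           fills, strncpy_terminated(buf, sizeof buf, fills));

    long r = safe_copy(buf, sizeof buf, fills);
    printf("safe_copy \"%s\": result=%ld buf=\"%s\"\n", fills, r, buf);
    return 0;
}
```

The second strncpy call leaves buf without a terminator, which is exactly the class of bug that a later `strlen(buf)` or `"%s"` turns into an out-of-bounds read; safe_copy makes the truncation visible as a return value instead of a silent memory-safety defect.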
GitHub to limit pull requests: GitHub project admins will be able to limit the number of pull requests users can make on their projects. The new feature is meant to help maintainers deal with the influx of AI-driven activity. Maintainers will be able to set a custom limit per project and add trusted contributors to which the restriction doesn't apply. [GitHub]

Government, politics, and policy
Estonia to issue IDs to AI bots: The Estonian government will issue national personal ID numbers to AI agents to track their activity if they replace a human for official work. Prime Minister Kristen Michal has provided his backing for the proposal, coming from the country's new Government AI Council. [EESTI // Yahoo News]
Sponsor section
In this Risky Business sponsor interview, Tom Uren talks to Trail of Bits CEO Dan Guido about how Trail of Bits is reworking its business processes to take advantage of AI. Dan talks about what it takes to make AI agents reliable and trustworthy and how that will give the company an edge by making its work both better and faster.
Arrests, cybercrime, and threat intel
Three phishers arrested in the Netherlands: Dutch police have detained three suspects for their role in a massive phishing and smishing scheme. The campaigns posed as the Dutch Tax and Customs Administration and other government agencies. The suspects were detained after 11 victims reported financial losses to authorities. [Dutch Police]
SMS blaster ringleader sentenced to prison: A 43-year-old Chinese national was sentenced to four years in prison for his role in running an SMS blaster scheme. Di Li provided SMS blaster equipment and cars to individuals who had fallen into gambling debt. The individuals were told to drive around London and send SMS spam as a way to repay their debt. Li was arrested last September, months after one of his underlings was detained and sentenced to one year in prison. [City of London Police]

Texas GOP hacker pleads guilty: A Canadian man has pleaded guilty to hacking the Texas Republican Party website in 2021. Aubrey Cottle hacked the party's web hosting account where he altered the site and stole a file holding the personal data of party members. Cottle was identified after he took credit for the hack on social media. He was arrested last year in March. He's set to be sentenced on Friday. Canadian authorities are seeking a sentence of 2.5 years in prison, reduced by time served. [The Globe and Mail] [h/t DataBreaches.net]
Police hackathon uncovers CSAM accounts: An Interpol hackathon in May uncovered 18 accounts on subscription-based websites that engaged in human trafficking and sexual exploitation. Officers from seven European countries scanned the internet and social media in May for telltale signs of illegal activity. Scans discovered recruiters, content producers, recruiting ads, payment platforms, and AI-generated profiles. [Interpol]
Fake Google npm account: An npm account impersonating Google (@withgoogle) is spreading libraries laced with a credentials harvester. [SafeDep]
GitHub removes 10k malicious repos: GitHub has removed almost 10,000 malicious repositories that manipulated the platform to gain visibility and infect users with malware. The repositories submitted new code commits every hour to gain visibility on both GitHub and search results. Most repos copied their content from legitimate projects but added a malware loader on top. [Orchid Files]
Number one on HN. Second time in the last 30 days.
— Orchid (@orchidfiles.com) June 18, 2026 at 10:48 PM
Slack link previews as C2: Security researcher Hugo V. has developed a technique to hide C2 activity or exfil data via Slack's normal link preview traffic. [RWXStoned]
FortiBleed analysis: Fortinet has published its own summary of the FortiBleed incident from last week, when threat actors targeted internet-exposed FortiGate devices to harvest VPN authentication hashes and then crack them offline to recover the passwords. [Fortinet]
FortiBleed also targeted MSSQL and Sophos: The threat actor who exploited Fortinet devices to steal VPN authentication hashes in a series of attacks known as FortiBleed has also launched attacks against Microsoft SQL database servers and Sophos firewalls. The additional attacks were detected by the security team at Palo Alto Networks. The company says the attacks didn't target its firewalls (yet). A known initial access broker has taken credit for the campaign in a dark web forum post. [Palo Alto Networks]

Malware technical reports
Vidar updates: The Vidar infostealer is still alive and now has a new bypass for Chrome's new Application-Bound Encryption (ABE). [Gen Digital]
Bluekit PhaaS: CloudSEK looks at Bluekit, a new PhaaS that launched back in May and is advertised through a dark web portal. The platform boasts about a lot of features, but adoption is still low. [CloudSEK]

Sponsor section
Giving employees AI tools doesn't make a company AI native. Trail of Bits founder and CEO Dan Guido explains the difference — and the operating system his 150-person security firm built to actually get there.
APTs, cyber-espionage, and info-ops
Campaign targets Thailand's health sector: A threat actor is behind a very concentrated malspam campaign looking to compromise Thailand's health sector, with targets ranging from ministry officials to hospital staff and private clinics. [Seqrite]
Microsoft links Mastra incident to Sapphire Sleet: A North Korean hacking group known as Sapphire Sleet (aka BlueNoroff) was behind the supply chain attack on the Mastra AI framework's npm packages. The server infrastructure used in the attack was also used in previous Sapphire Sleet activity, according to Microsoft's security team. This is the group's second supply chain attack this year after a similar one against the Axios JavaScript HTTP client in April. [Microsoft]
Microsoft attributes the Mastra npm supply chain compromise to Sapphire Sleet, a North Korean actor that primarily targets the financial sector. Microsoft has observed use of known Sapphire Sleet infrastructure, malware, and tactics following compromise. msft.it/63320vmpSC
— Microsoft Threat Intelligence (@threatintel.microsoft.com) June 19, 2026 at 11:35 PM
Vulnerabilities, security research, and bug bounty
usbliter8 vulnerability in A12/A13 chips: A vulnerability in Apple A12 and A13 chips can allow attackers to run malicious code inside the SecureROM of Apple devices. Physical access is required, as the exploit runs from a plugged-in USB device. The vulnerability, nicknamed usbliter8, abuses a hardware bug and is unpatchable. The A12 and A13 chips are used in the iPhone 11 lineup, iPhone XR, iPhone XS, and iPhone SE. [Paradigm Shift]
Squidbleed 29yo vulnerability: A vulnerability can leak the memory of Squid proxies and expose traffic going through the server. Nicknamed Squidbleed (CVE-2026-47729), the issue impacts all Squid servers released over the past 29 years. The bug impacts servers in the default configuration. The issue's severity is mitigated by the wide use of HTTPS, which now protects traffic even if leaked. Patches were released earlier this month. [Calif // Squid // Patches]
GNU Savannah security update: The Free Software Foundation has patched a security issue in the GNU Savannah project hosting platform. The issue was discovered in May but details are still being kept secret until all Savannah server and mirror operators roll out patches. The Free Software Foundation says the issue could have enabled supply chain attacks on GNU-related projects. The security issue was discovered by AI security firm Hacktron. [Free Software Foundation]
AutoJack technique: Microsoft details a new technique that can be leveraged for RCE attacks on hosts running local AutoGen Studio MCP servers. [Microsoft]

Infosec industry
Threat/trend reports: NSFOCUS and Red Canary have recently published reports and summaries covering various threats and infosec industry trends.
Acquisition news: Cisco will acquire identity security company WideField Security to boost Splunk's agentic AI capabilities. [Cisco]
New tool—Session Switcher: Security firm Doyensec has open-sourced Session Switcher, a Burp extension to switch header session data on the fly.
New tool—Lore: Epic Games has open-sourced Lore, a next-generation open source version control system.
New tool—Myna: Canonical has released Myna, a speech-to-text toolkit for Ubuntu.
New tool—QuantumHello: SensePost's Dominic White has released QuantumHello, a tool to check if a site supports post-quantum encryption.
Security Fest 2026 videos: Talks from the Security Fest 2026 security conference, which took place in May, are available on YouTube.
Risky Business podcasts
In this episode of Risky Business Features, James Wilson and Brad Arkin talk about how to safely use open weight large language models in the enterprise.