On August 20, 2025, cybersecurity teams across Fortune 500 companies scrambled to assess the damage from one of the most sophisticated supply chain attacks in API security history. Google's Threat Intelligence Group had just revealed that attackers had systematically compromised Salesforce instances through a trusted third-party integration—Salesloft Drift. The breach didn't exploit a vulnerability in Salesforce itself, nor did it require sophisticated zero-day exploits. Instead, attackers leveraged something far more insidious: the implicit trust that developers place in third-party API responses.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Unsafe Consumption of APIs

  • Roman Canlas

摘要

On August 20, 2025, cybersecurity teams across Fortune 500 companies scrambled to assess the damage from one of the most sophisticated supply chain attacks in API security history. Google's Threat Intelligence Group had just revealed that attackers had systematically compromised Salesforce instances through a trusted third-party integration—Salesloft Drift. The breach didn't exploit a vulnerability in Salesforce itself, nor did it require sophisticated zero-day exploits. Instead, attackers leveraged something far more insidious: the implicit trust that developers place in third-party API responses.