[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5Z9Tojcp-zxHhpEsFIER914Qydp5PWKy5wTxQk0fr6c":3},{"article":4,"iocs":51},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":29,"category":30,"article_tags":33},"4328a2f0-4d5f-421f-8fd7-4ff5a0fc088f","Scope of Salesforce Attacks Expands as Icarus Leaks Data","scope-of-salesforce-attacks-expands-as-icarus-leaks-data-3f9fd0","More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.","The scope of recent attacks has widened as the Icarus threat actor claims to have exfiltrated data from multiple Salesforce customers. The attackers initially compromised application vendor Klue, exploiting its OAuth tokens to gain unauthorized access to customer data stored within Salesforce. This incident highlights the risks associated with third-party access and the potential for supply chain attacks to impact downstream customers.","Salesforce data stolen via Klue OAuth token breach, Icarus threat actor claims responsibility.",null,"https:\u002F\u002Fwww.darkreading.com\u002Fcyberattacks-data-breaches\u002Fscope-salesforce-attacks-expands-icarus-leaks-data","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fbltbcd2c419f66a3c63\u002F6a3ae54669022cd7ac4f9ae3\u002Fdatatheft-mikkelwilliam-Getty-2152310845.jpg?width=720&quality=80&disable=upscale","2026-06-23T20:44:09+00:00","2026-06-23T22:00:35.473119+00:00",8,[18,21,23,26],{"name":19,"type":20},"Salesforce","product",{"name":22,"type":20},"OAuth tokens",{"name":24,"type":25},"Klue","vendor",{"name":27,"type":28},"Icarus","threat_actor","2e06f76c-d5b9-4f54-9eef-4d3447b10730",{"id":29,"icon":11,"name":31,"slug":32},"Breaches","breaches",[34,39,44,46],{"category":35},{"id":36,"icon":11,"name":37,"slug":38},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":40},{"id":41,"icon":11,"name":42,"slug":43},"2c8f44d4-b56e-47cf-9677-04f22c9ee78d","Identity & Access","identity-access",{"category":45},{"id":29,"icon":11,"name":31,"slug":32},{"category":47},{"id":48,"icon":11,"name":49,"slug":50},"c70f3a41-2f0c-4608-870d-b8cbcd8be076","Cloud Security","cloud-security",[52],{"type":53,"value":27,"context":54},"malware","Threat actor group claiming responsibility for the Salesforce data theft."]