Threat Briefing: September 5, 2025

September 5, 2025

Threat Intel Update

The week’s biggest cyber story: attackers weaponized Salesloft Drift in a supply chain attack that impacted hundreds of organizations, including Cloudflare and Palo Alto Networks. Elsewhere, attackers weaponized AI tools like HexStrike to exploit Citrix flaws within days of disclosure, and Cloudflare fended off a record-breaking 11.5 Tbps DDoS attack.

Cybersecurity News

  • Salesloft Drift Breach Ripples Across Tech Giants – A supply chain attack on Salesloft Drift compromised Salesforce integrations at major firms, including Cloudflare, Zscaler, and Palo Alto Networks. The incident exposed customer data and impacted hundreds of organizations over a 10-day span in August 2025. (Source: CyberScoop)
  • Threat Actors Turn HexStrike AI Against Citrix Within Days of Disclosure – Originally built for security testing, HexStrike AI has been repurposed by attackers to automate exploitation of Citrix vulnerabilities. This shift drastically shortens the window between vulnerability disclosure and real-world attacks. (Source: The Hacker News)
  • TP-Link Alerts Users to Botnet Targeting Microsoft 365 via Vulnerable Routers – TP-Link has identified the Quad7 botnet exploiting flaws in Archer C7 and TL-WR841N/ND routers to launch attacks on Microsoft 365 accounts. Users are urged to apply firmware updates immediately to prevent botnet infection and password-spraying attacks. (Source: Malwarebytes)
  • Cloudflare Stops Record 11.5 Tbps DDoS Attack – Cloudflare successfully mitigated a massive 11.5 Tbps DDoS attack originating from Google Cloud that lasted 35 seconds. With hyper-volumetric attacks rising to 6,500 in Q2 2025, the incident underscores the escalating scale of cyber threats and the critical need for resilient network defenses. (Source: The Hacker News)
  • Amazon Thwarts APT29 Watering Hole Attack Targeting Microsoft Authentication – Amazon successfully disrupted a watering hole campaign attributed to Russia’s APT29 group, which aimed to compromise websites and redirect visitors to malicious domains to steal credentials. The attack was quickly neutralized by Amazon’s security team before any accounts were compromised. (Source: The Record from Recorded Future News)

About the Author
CampusGuard Threat Intel Team