Zscaler confirmed that it's been affected in the recent supply chain compromise at Salesloft, the revenue platform. Attackers exploited a vulnerability in Drift, one of Salesloft’s integrations, exposing customer data and leaving downstream companies like Zscaler vulnerable.

What's the Implication of this

Supply chain attacks are on the rise because they hit multiple targets at once. Even companies with mature cybersecurity programs, like Zscaler, can be blindsided when a trusted partner is breached. This shows how fragile digital ecosystems can be, especially when third party tools are embedded deep into business workflows.

What You Can Do

Below are practical ways to keep your organization safe and prevent these types of attacks:

Audit integrations: Regularly review third-party tools connected to your systems.

Limit access: Apply least privilege policies to reduce exposure.

Use zero trust: Never assume vendor platforms are safe; authenticate every access.

Monitor continuously: Keep watch for anomalies that can lead to incidents, even in trusted SaaS connections.

Report suspicious activity: Zscaler advises that they be contacted only via authorised channels. And that any suspicious phishing activity be reported to their email security@zscaler.com.

...

The Salesloft breach reminds us that your security is only as strong as your weakest integration. SaaS supply-chains are attractive targets, treat them with the same scrutiny as your core infrastructure.

Loved this? Join our newsletter for more updated cyber news and insights to stay safe.