Goodbye, Skeleton Keys: Why Machine Identity Broke IAM, and What SPIFFE Is Doing About It

Cloudflare published its own forensic timeline of the Salesloft Drift breach down to the minute, and it’s worth sitting with the detail for a second. 

At 11:51 on August 9, 2025, an actor researchers track as GRUB1 tried to validate a stolen Cloudflare API token against the Salesforce API using TruffleHog’s user-agent string — a tool built for finding leaked secrets, repurposed here to confirm one actually worked. That attempt failed. At 22:14, it didn’t. 

This article has been indexed from DZone Security Zone

Read the original article: