Elliott Investment Management Takes Multibillion-Dollar Stake in Synopsys 
Goldman Sachs Raises ECB Rate Hike Forecast Amid Persistent Energy-Driven Inflation 
SK Hynix Eyes Up to $14 Billion U.S. IPO to Fund AI Chip Expansion 
Valero Port Arthur Refinery Explosion Prompts $1M Lawsuit Over Worker Safety Negligence 
Trump White House Unveils National AI Policy Framework for Congress 
SpaceX IPO Filing Expected This Week as Valuation Could Surpass $75 Billion 
Reflection AI Eyes $25 Billion Valuation in Massive $2.5 Billion Funding Round 
Innate Pharma Reports 55% Revenue Drop and €49.2M Net Loss for 2025 
Nanya Technology Shares Surge 10% After $2.5 Billion Private Placement from Sandisk and Cisco 
Judge Dismisses Sam Altman Sexual Abuse Lawsuit, But Sister Can Refile 
AWS Bahrain Region Disrupted by Drone Activity Amid Middle East Conflict 
Finnair Orders 18 Embraer E195-E2 Jets in Landmark Fleet Overhaul 
OpenAI Pulls the Plug on Sora, Ending $1 Billion Disney Partnership 
Amazon's "Transformer" Phone: Can It Succeed Where Fire Phone Failed? 
Nintendo Switch 2 Production Cut as Holiday Sales Miss Targets 
Meta Ties Executive Pay to Aggressive Stock Price Targets in Major Retention Push 
Super Micro Computer Shares Plunge After Co-Founder Charged in AI Chip Smuggling Case 
Salesforce announced that it is investigating unusual activity involving Gainsight-published applications after discovering that the integrations may have exposed certain customers’ Salesforce data. According to a statement posted on Salesforce’s status portal, the affected applications — which customers install and manage within their own environments — may have enabled unauthorized access to customer data. As a precaution, Salesforce revoked all active access to Gainsight’s apps. The company emphasized that there is currently no evidence suggesting the incident stemmed from a vulnerability in the Salesforce platform itself.
Gainsight acknowledged the situation on its website, confirming that it is working closely with Salesforce to understand the activity that prompted the revocation of access tokens for its applications. While Gainsight did not immediately respond to further inquiries, the incident has already raised concerns about the broader risks associated with software integrations across cloud platforms.
Cybersecurity experts note that attackers are increasingly targeting third-party integrations rather than core platforms. These integrations often hold powerful permissions, making them valuable entry points for unauthorized access. Jaime Vasco, cofounder of Nudge Security, highlighted this shift, explaining that attackers can exploit privileged integrations without compromising a company’s main infrastructure. He described this trend as a new and expanding attack surface.
Recent incidents across the tech ecosystem underscore this pattern. Just last month, Google revealed that a security weakness within Oracle’s E-Business Suite had potentially impacted more than 100 organizations. Earlier this year, Google also reported that hackers tricked employees of Salesforce customers into downloading a modified version of Salesforce’s Data Loader tool, granting attackers access to sensitive data.
As Salesforce and Gainsight continue their investigation, the incident serves as a reminder of the growing importance of securing third-party integrations within cloud environments. Companies relying on SaaS tools must enhance their monitoring and adopt tighter controls to prevent unauthorized access through privileged integrations.
