market intelligence platform klue was compromised june 11-12 2026 via an unauthorized backend command that pushed a code update harvesting oauth tokens across customer integrations including salesforce, hubspot, sharepoint, slack, zoom, google drive, and several revenue intelligence platforms. a separate operation, fortibleed, was exposed when an attacker's own server directory was left open, revealing gpu-powered credential cracking and access sales. dragonforce ransomware actors were also found routing command traffic through microsoft's own turn relay infrastructure during a multi-month intrusion, using a custom go backdoor. three separate campaigns in one cycle, each exploiting a different layer of the enterprise software stack — tokens, credentials, and trusted relay channels respectively.