Threat actor ‘Icarus’ compromised Klue and weaponized its pre-authorized OAuth connection to exfiltrate CRM data from downstream Salesforce customer organizations. This is an OAuth credential abuse supply chain attack, not a Salesforce platform vulnerability. Organizations that integrated Salesforce with Klue should revoke the OAuth token immediately and treat their CRM data as potentially compromised.
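
For the revocation step, a triage sketch added here as an example (not code from Klue, Salesforce, or the original advisory): it reads a CSV export of Salesforce `OauthToken` records and lists every token tied to the integration, putting recently used ones first. The `klue` name match, the window start date, and all sample rows are assumptions or constructed values; replace them with the connected-app name in your org and the dates from your own incident timeline.

```python
import csv
import io
from datetime import datetime

FMT = "%Y-%m-%dT%H:%M:%S.%f%z"  # datetime layout used in the export
# Placeholder: the advisory gives no exposure window; take it from your timeline.
SAMPLE_WINDOW_START = datetime.strptime("2025-01-01T00:00:00.000+0000", FMT)

# Constructed rows, columns named after OauthToken fields.
SAMPLE_EXPORT = """\
Id,AppName,UserId,LastUsedDate,UseCount
tok-001,Klue,user-A,2025-03-02T04:11:09.000+0000,18422
tok-002,Klue Sandbox Sync,user-B,2024-11-20T10:00:00.000+0000,12
tok-003,Data Loader,user-C,2025-03-01T09:30:00.000+0000,40
tok-004,klue,user-D,,0
"""

def triage_tokens(export_csv, app_match, window_start):
    """Return one finding per token whose app name contains app_match."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        if app_match.lower() not in row["AppName"].lower():
            continue
        raw = row["LastUsedDate"].strip()
        last_used = datetime.strptime(raw, FMT) if raw else None
        findings.append({
            "token_id": row["Id"],
            "user_id": row["UserId"],
            "use_count": int(row["UseCount"] or 0),
            "used_in_window": last_used is not None and last_used >= window_start,
        })
    # Tokens used inside the window first, then by how heavily they were used.
    findings.sort(key=lambda f: (not f["used_in_window"], -f["use_count"]))
    return findings

def summarize(findings):
    """Every matching token is revoked; in-window use drives the data review."""
    return {
        "revoke": [f["token_id"] for f in findings],
        "review_users": sorted({f["user_id"] for f in findings if f["used_in_window"]}),
    }

if __name__ == "__main__":
    result = summarize(triage_tokens(SAMPLE_EXPORT, "klue", SAMPLE_WINDOW_START))
    print(result)
```

A token that was never used, or was last used before the window, still goes on the revoke list because the grant itself remains valid until it is revoked.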