News

Security Boulevard5d

Behind the Salesforce OAuth Drift Breach

In recent weeks, major companies like Palo Alto Networks, Zscaler, Cloudflare, and SpyCloud have all confirmed they were ...
Forbes3y

Security Warning For Facebook Users Who Login With Gmail OAuth Code

How do you sign into services? Because a newly disclosed Facebook exploit might change how you go about it in future... In an eye-opening blog post, security researcher Youssef Sammouda has revealed ...
CPO Magazine6d

Hackers Steal OAuth Tokens via Salesloft Drift Integrations in Massive Salesforce Data Theft

Google Threat Intelligence Group has tracked threat actor UNC6395 stealing OAuth tokens via Salesloft Drift integrations in a ...
Security Boulevard1d

How New Supply Chain Attacks Challenge SaaS Security: Lessons from UNC6395, UNC6040, and ShinyHunters

SaaS supply chain attacks exploit SaaS-to-SaaS connections using stolen OAuth tokens. Get practical steps to reduce your risk ...
SiliconANGLE1y

Potential OAuth lapses could have led to significant data breaches, warns Salt Labs

A new report released today by application programming interface security startup Salt Security Inc. warns of significant vulnerabilities in several major online platforms’ social sign-in and Open ...

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in ...
The Hacker News11d

Google Warns Salesloft Drift Breach Impacts All Drift Integrations Beyond Salesforce

Google expands Salesloft Drift breach scope beyond Salesforce; Salesloft says core platform safe, isolated to Drift app.
Bleeping Computer4y

Microsoft warns of increasing OAuth Office 365 phishing attacks

Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. These attacks were part of ...