News

Security Boulevard11d

UNC6395 and the Salesloft Drift Attack: Why Salesforce OAuth Integrations are a Growing Risk

A recent UNC6395 Salesloft Drift breach reveals Salesforce SaaS risks. Learn how to simplify breach detection, prevention, ...
Cybernews11d

Massive attack hits Salesforce users: hackers exfiltrating data with stolen third-party app credentials

Hackers have stolen large volumes of data from numerous corporate Salesforce instances. They abused compromised access tokens ...
Security Boulevard11d

OAuth Device Flow Vulnerabilities: A Critical Analysis of the 2024-2025 Attack Wave

ShinyHunters compromised Google, Qantas & dozens more using OAuth device flow attacks—bypassing MFA without exploiting a single software bug. My deep-dive analysis reveals how they did it and what ...

Salesloft Drift: Login token misused for data theft

The AI platform Salesloft Drift has a security problem that attackers are exploiting to extract large amounts of data from Salesforce, for example.
Ars Technica6y

Gmail’s API lockdown will kill some third-party app access, starting ...

Gmail’s API lockdown will kill some third-party app access, starting July 15 Google emails users: "the following apps may no longer be able to access your data." ...