News

Security Boulevard9d

Behind the Salesforce OAuth Drift Breach

In recent weeks, major companies like Palo Alto Networks, Zscaler, Cloudflare, and SpyCloud have all confirmed they were ...
CPO Magazine5d

New Round of Stolen OAuth Tokens Obtained From Salesloft Drift Platform Led to Compromise of Cloudflare, Palo Alto Networks & Zscaler

An as-of-yet undiagnosed compromise of the Salesloft Drift AI-driven platform has led to a rash of stolen OAuth tokens, in turn creating downstream breaches at some of the biggest names in the ...
SiliconANGLE1y

Potential OAuth lapses could have led to significant data breaches, warns Salt Labs

A new report released today by application programming interface security startup Salt Security Inc. warns of significant vulnerabilities in several major online platforms’ social sign-in and Open ...
Android8mon

Google’s OAuth flaw is potentially exposing millions of accounts

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...
Security Boulevard4d

How New Supply Chain Attacks Challenge SaaS Security: Lessons from UNC6395, UNC6040, and ShinyHunters

SaaS supply chain attacks exploit SaaS-to-SaaS connections using stolen OAuth tokens. Get practical steps to reduce your risk ...

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in ...
Bleeping Computer4y

Microsoft warns of increasing OAuth Office 365 phishing attacks

Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. These attacks were part of ...