News

Security Boulevard2d

UNC6395 and the Salesloft Drift Attack: Why Salesforce OAuth Integrations are a Growing Risk

A recent UNC6395 Salesloft Drift breach reveals Salesforce SaaS risks. Learn how to simplify breach detection, prevention, ...
Cybernews2d

Massive attack hits Salesforce users: hackers exfiltrating data with stolen third-party app credentials

Hackers have stolen large volumes of data from numerous corporate Salesforce instances. They abused compromised access tokens ...
Security Boulevard2d

OAuth Device Flow Vulnerabilities: A Critical Analysis of the 2024-2025 Attack Wave

ShinyHunters compromised Google, Qantas & dozens more using OAuth device flow attacks—bypassing MFA without exploiting a single software bug. My deep-dive analysis reveals how they did it and what ...
VentureBeat3y

Hackers use stolen OAuth access tokens to breach dozens ... - VentureBeat

Last week, GitHub Security researchers reported that an unknown attacker is using stolen OAuth user tokens issued to Heroku and Travis-CI to download data from dozens of organization’s private ...
The Register on MSN8d

Microsoft makes MCP in Visual Studio GA but researchers warn of risks

Compositional risk from multiple MCP Servers highlighted by report Microsoft has declared general availability for MCP (model ...
CSOonline2y

Threat actors abuse Microsoft’s “verified publisher” status to ...

Proofpoint discovers threat actors targeting verified status in the Microsoft environment to abuse OAuth privileges and lure users into authorizing malicious apps.
Ars Technica6y

Gmail’s API lockdown will kill some third-party app access, starting ...

Gmail’s API lockdown will kill some third-party app access, starting July 15 Google emails users: "the following apps may no longer be able to access your data." ...