The recent Salesloft Drift breach offered a sobering reminder of how easily trust can be weaponized in today’s SaaS and AI-integrated environments. In this incident, hackers exploited the Drift chatbot, stole OAuth tokens, and used them to obtain data from CRM systems before the tokens could be revoked. In the wake of the incident, many…
Category: OAuth
cyber attack, cyber attacks, data breach, Exploits, Global Security News, OAuth, Security
Palo Alto Networks, Zscaler and PagerDuty Hit in Salesforce Linked Data Breaches
Hackers exploited the Salesloft Drift app to steal OAuth tokens and access Salesforce data, exposing customer details at…
Cybercrime, Cybersecurity, extortion, Global Security News, Google, Google Threat Intelligence Group, Microsoft 365, OAuth, phishing, Salesforce, Social Engineering, Technology, Threats
Salesforce customers duped by series of social-engineering attacks
A financially motivated threat group posing as IT support has intruded into the systems of about 20 organizations by duping employees into installing a malicious, illegitimate version of Salesforce’s Data Loader and granting broader access to cloud-based environments, Google Threat Intelligence Group said in a threat report released Wednesday. The attacks, which Google attributes to UNC6040,…
AI, Best Practices, Cloud Security, Global Security News, Kubernetes, OAuth, Security Bloggers Network, workloads
MCP, OAuth 2.1, PKCE, and the Future of AI Authorization
The MCP authorization spec sets a new standard for securing non-human AI agents – with lessons for anyone building autonomous, scalable systems. The post MCP, OAuth 2.1, PKCE, and the Future of AI Authorization appeared first on Aembit.
Global IT News, Global Security News, Google, OAuth, Security, Startups
Employees of failed startups are at special risk of stolen personal data through old Google logins
As if losing your job when the startup you work for collapses isn’t bad enough, now a security researcher has found that employees at failed startups are at particular risk of having their data stolen. This ranges from their private Slack messages to Social Security numbers and, potentially, bank accounts. The researcher who discovered the…
