News

CPO Magazine

New Round of Stolen OAuth Tokens Obtained From Salesloft Drift Platform Led to Compromise of Cloudflare, Palo Alto Networks & Zscaler

An as-of-yet undiagnosed compromise of the Salesloft Drift AI-driven platform has led to a rash of stolen OAuth tokens, in turn creating downstream breaches at some of the biggest names in the ...
CSOonline

Cybercrooks faked Microsoft OAuth apps for MFA phishing

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...

Salesloft Drift: Login token misused for data theft

The AI platform Salesloft Drift has a security problem that attackers are exploiting to extract large amounts of data from Salesforce, for example.
CSOonline

Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges

Proofpoint discovers threat actors targeting verified status in the Microsoft environment to abuse OAuth privileges and lure users into authorizing malicious apps. Researchers from cybersecurity firm ...
Ars Technica

Gmail’s API lockdown will kill some third-party app access, starting July 15

Google is locking down API access to Gmail data (and later, Drive data) soon, and some of your favorite third-party apps might find themselves locked out of your Google account data. The new API ...