News

Android7mon

Google’s OAuth flaw is potentially exposing millions of accounts

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...
Security Boulevard6d

Behind the Salesforce OAuth Drift Breach

In recent weeks, major companies like Palo Alto Networks, Zscaler, Cloudflare, and SpyCloud have all confirmed they were ...
HealthcareInfoSecurity9d

Salesloft Drift Attacks Exposed Zscaler Customer Data

Threat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for ...
CPO Magazine3d

New Round of Stolen OAuth Tokens Obtained From Salesloft Drift Platform Led to Compromise of Cloudflare, Palo Alto Networks & Zscaler

An as-of-yet undiagnosed compromise of the Salesloft Drift AI-driven platform has led to a rash of stolen OAuth tokens, in turn creating downstream breaches at some of the biggest names in the ...
TechBooky8d

Palo Alto Networks Data Leak Exposes Customer Details

Data breaches resulting from a recent supply chain attack to Salesloft Drift are being reported by Palo Alto Networks, ...

Palo Alto Investigates Data Theft After Hackers Exploit Stolen OAuth Tokens

Attackers used custom Python tools, Tor for obfuscation and log deletion techniques to evade detection. Palo Alto Networks ...
Security Boulevard15d

OAuth Device Flow Vulnerabilities: A Critical Analysis of the 2024-2025 Attack Wave

ShinyHunters compromised Google, Qantas & dozens more using OAuth device flow attacks—bypassing MFA without exploiting a single software bug. My deep-dive analysis reveals how they did it and what ...