ExtremeTech

Intel's Panther Lake Will Use Embattled 18A Process Node Despite Yield Concerns

Share on Facebook (opens in a new window) Share on X (opens in a new window) Share on Reddit (opens in a new window) Share on Hacker News (opens in a new window) Share on Flipboard (opens in a new ...
CPO Magazine

Hackers Steal OAuth Tokens via Salesloft Drift Integrations in Massive Salesforce Data Theft

Google Threat Intelligence Group (GTIG) warns that attackers are stealing OAuth tokens via Salesloft Drift integrations in a massive Salesforce data theft. Alphabet’s GTIG and Mandiant attributed the ...
SecurityWeek

Security Firms Hit by Salesforce–Salesloft Drift Breach

Hackers accessed customer contact information and case data from Salesforce instances at Cloudflare, Palo Alto Networks, and Zscaler. Cybersecurity firms Cloudflare, Palo Alto Networks, and Zscaler on ...
Krebs on Security

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many ...
Ars Technica

Google warns that mass data theft hitting Salesloft AI agent has grown bigger

Google is advising users of the Salesloft Drift AI chat agent to consider all security tokens connected to the platform compromised following the discovery that unknown attackers used some of the ...
The Hacker News

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent.
SecurityWeek

Hundreds of Salesforce Customers Hit by Widespread Data Theft Campaign

Google says the hackers systematically exported corporate data, focusing on secrets such as AWS and Snowflake keys. Hackers stole data from hundreds of Salesforce customer instances in a widespread ...
The Hacker News

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts

Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part ...
GitHub

SNOW-2213522: OAUTH_CLIENT_CREDENTIALS not correctly building token request body due to incorrect placement of scope for AzureAD

What version of NodeJS driver are you using? 2.1.2 What operating system and processor architecture are you using? macOS Sonoma 14.7.4 Apple M2 Max What version of NodeJS are you using? v23.7.0 What ...
Bleeping Computer

Phishers abuse Google OAuth to spoof Google in DKIM replay attack

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page ...
Microsoft

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...
Bleeping Computer

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The campaigns were discovered by ...