Topic: authentication tokens
-
Salesloft Links Drift Data Theft to March GitHub Hack
A data breach at Salesloft originated from a March intrusion into its GitHub account, allowing attackers to steal authentication tokens and target major tech clients over several months. The attackers used stolen OAuth tokens to infiltrate companies like Google and Cloudflare via Salesloft's AWS ...
Read More » -
Barracuda Exposes Stealthy Microsoft 365 Phishing Kit
Whisper 2FA is a sophisticated phishing-as-a-service platform that has compromised nearly one million Microsoft 365 accounts by stealing login credentials and authentication tokens since July 2025. It employs a continuous credential theft loop that persistently prompts victims for multi-factor au...
Read More » -
Microsoft Entra Accounts Targeted in Vishing Attacks
A new wave of attacks combines device code phishing with voice phishing (vishing) to compromise Microsoft Entra accounts, exploiting the legitimate OAuth 2.0 device authorization flow to steal authentication tokens without traditional password theft. The **ShinyHunters** extortion group is believ...
Read More » -
Microsoft Entra ID Flaw: The Critical Security Risk You Can't Ignore
Security researcher Dirk-jan Mollema discovered two critical vulnerabilities in Microsoft Entra ID that could allow attackers to gain global administrator privileges across nearly all customer tenants. The flaws, involving legacy components like the Access Control Service and Azure Active Directo...
Read More » -
Hackers Stole Data From 200 Companies in Google-Linked Breach
A major supply chain attack compromised data from over 200 organizations, with Google confirming theft from Salesforce instances through Gainsight applications, highlighting risks in interconnected digital ecosystems. The hacking group Scattered Lapsus$ Hunters claimed responsibility, targeting c...
Read More »