Topic: oauth tokens

  • Stop AI Agent Threats: Why Okta's New Security Standard is Essential

    The rise of AI agents accessing corporate data creates security blind spots, as current delegated access systems (like OAuth) bypass central IT oversight, placing risky permissions in employees' hands. A new open standard, the Identity Assertion Authorization Grant (IAAG), proposes to give organi...

  • Salesforce Reveals Gainsight Breach Details and Investigation Steps

    Salesforce disclosed a security incident involving Gainsight applications, with unauthorized access likely starting on November 8 and suspicious activity detected from mid-November using IPs from VPNs, Tor, and AWS. Indicators of compromise include specific IP addresses and a suspicious User Agen...

  • Salesforce Users at Risk From Gainsight Supply Chain Attack

    A cybersecurity incident involving Gainsight's Salesforce connector potentially exposed customer data, prompting Salesforce to revoke access and remove Gainsight apps from AppExchange due to unusual activity. The attack, claimed by the Scattered Spider-ShinyHunters-Lapsus$ group, may lead to a de...

  • Salesforce Probes New Security Incident Similar to Salesloft Breach

    Salesforce is investigating a security incident involving unauthorized access to customer data through Gainsight app integrations, leading to revoked tokens and temporary removal of the apps from AppExchange. Threat actors linked to ShinyHunters compromised Gainsight OAuth tokens to access Salesf...

  • Trinity of Chaos Ransomware Unveils New Data Leak Site

    Trinity of Chaos, a ransomware collective with ties to major cybercrime groups, has launched a TOR-based data leak site listing 39 international corporations, including Toyota, FedEx, and Disney, marking an escalation in their tactics. The group is publishing previously unreleased data from past ...

  • Salesloft Links Drift Data Theft to March GitHub Hack

    A data breach at Salesloft originated from a March intrusion into its GitHub account, allowing attackers to steal authentication tokens and target major tech clients over several months. The attackers used stolen OAuth tokens to infiltrate companies like Google and Cloudflare via Salesloft's AWS ...

  • Zscaler Breach: Customer Data Exposed via Third-Party Hack

    A security breach at Zscaler exposed customer data via a compromised third-party AI chat agent, Salesloft Drift, which allowed attackers to access sensitive records in the company's Salesforce environment. The compromised information includes names, email addresses, job titles, phone numbers, reg...
