Search Results: OAuthSecurity

CoPhish Attack Exploits Microsoft Copilot Studio to Hijack OAuth Tokens

Security researchers reveal a novel phishing technique abusing Microsoft Copilot Studio's trusted domains to steal OAuth tokens. Dubbed 'CoPhish', the attack bypasses traditional defenses by weaponizing legitimate Microsoft infrastructure, posing critical risks to enterprise identity management.

Salesforce Draws Line in the Sand: No Ransom Payments Amid Massive Data Extortion Campaign

Salesforce has publicly refused to negotiate with threat actors behind two massive data theft campaigns impacting nearly 40 major corporations. The attackers stole billions of records using OAuth exploits and social engineering, demanding ransom under threat of public leaks. The takedown of their data leak site raises questions about law enforcement involvement in this unprecedented supply chain attack.

ShinyHunters Claims Massive 1.5 Billion Salesforce Record Theft via Compromised Drift Tokens

The ShinyHunters cybercrime group claims to have stolen 1.5 billion records from 760 Salesforce customers using compromised Salesloft Drift OAuth tokens. Major tech firms including Google, Cloudflare, and Palo Alto Networks were impacted, with attackers weaponizing support ticket data for credential harvesting. The breach highlights critical third-party integration risks and ongoing supply chain threats.

Salesloft GitHub Breach Triggered Cascade of Salesforce Data Thefts

A March compromise of Salesloft's GitHub repositories enabled threat actors to steal Drift OAuth tokens, fueling widespread data theft from Salesforce instances of major tech firms including Google, Cloudflare, and Palo Alto Networks. Mandiant's investigation reveals attackers operated undetected for months, exfiltrating credentials and support case data critical for further compromises.

Palo Alto Networks Breach Exposes Customer Data in Salesloft Supply-Chain Attack

Attackers exploited stolen OAuth tokens from Salesloft's Drift platform to breach Palo Alto Networks' Salesforce environment, exfiltrating customer information and support case data. The incident highlights systemic risks in third-party integrations as threat actors actively scan stolen data for cloud credentials. Palo Alto confirms no product systems were compromised but warns impacted customers to rotate credentials immediately.