一起影响超过700家组织（包括多家知名网络安全公司）的复杂供应链攻击事件，现已溯源至Salesloft公司GitHub账户在2025年3月遭到的入侵。2025年9月6日的最新通报显示，网络安全公司Mandiant调查确认，攻击者利用这一初始访问权限， ...

2025年8月发生的Salesloft Drift数据泄露事件堪称SaaS史上最严重的供应链攻击之一，展示了单一受损集成如何引发大规模组织数据暴露。威胁组织UNC6395通过利用OAuth令牌漏洞，获取了包括Cloudflare、Palo Alto ...

GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. The attacker used stolen OAuth ...

Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance.

Salesforce-owned PaaS vendor Heroku and GitHub have both warned that compromised OAuth user tokens were likely used to download private data from organizations using Heroku and continuous integration ...

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in ...

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the ...

A Russian researcher was able to take five low severity OAuth bugs and string them together to create what he calls a “simple but high severity exploit” in Github. A Russian security researcher was ...