An as-of-yet undiagnosed compromise of the Salesloft Drift AI-driven platform has led to a rash of stolen OAuth tokens, in turn creating downstream breaches at some of the biggest names in the ...

A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various ...

Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. These attacks were part of ...

Threat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for ...

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the ...

Social media supersite Facebook has fixed a vulnerability that could have allowed a hacker to access a user’s account simply by getting them to click through to a specially crafted website. The flaw ...

The "Google Docs" phishing attack that wormed its way through thousands of e-mail inboxes earlier this week exploited a threat that had been flagged earlier by at least three security researchers—one ...

In response, Google has revoked the tokens that were used in the breaches and disabled integration between the Salesloft ...

Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the ...