GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...

GitHub says it notified all organizations believed to have had data stolen from their private repositories by attackers abusing compromised OAuth user tokens issued to Heroku and Travis-CI. "As of ...

Attackers leveraged stolen secrets to hijack integrations and access customer data, highlighting the need for enterprises to audit connected apps and enforce token hygiene. Salesforce has disclosed ...

Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy. Learn more Last week, GitHub Security researchers ...

One employee at Vercel adopted an AI tool. One employee at that AI vendor got hit with an infostealer. That combination created a walk-in path to Vercel’s production environments through an OAuth ...

Salesforce disabled Klue Battlecards integration after attackers used compromised OAuth tokens to access customer CRM data ...

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, ...

CoPhish uses Copilot Studio agents to phish OAuth tokens via fake login flows Attackers exploit Microsoft domains to appear legitimate and access sensitive user data Mitigations include restricting ...

PCWorld reports that Anthropic and Google are banning users who connect flat-rate Claude and Gemini accounts to OpenClaw without warning or refunds. OpenClaw’s massive token consumption degrades ...

Turns out your biggest breach risk might come from a vendor’s acquisition — and an old OAuth token you didn’t even know existed. The recent SalesLoft Drift breaches revealed an uncomfortable truth ...