Palo Alto Networks, Zscaler and PagerDuty Hit in Salesforce Linked Data Breaches

2 minute read

Palo Alto Networks, Zscaler and PagerDuty Hit in Salesforce Linked Data Breaches

Hackers exploited the Salesloft Drift app to steal OAuth tokens and access Salesforce data, exposing customer details at…

byDeeba Ahmed

September 2, 2025

2 minute read

Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach

A new advisory from Google and Mandiant reveals a widespread data breach in Salesforce. Learn how UNC6395 bypassed…

byDeeba Ahmed

August 27, 2025

XSS and OAuth Combo Threatens Millions of Users Due to Hotjar Flaw

2 minute read

Security

XSS and OAuth Combo Threatens Millions of Users Due to Hotjar Flaw

Cybersecurity Experts Uncover Critical Vulnerabilities in Leading Web Analytics Platform Hotjar, Potentially Exposing Sensitive Data of Millions of…

byWaqas

July 29, 2024

Malware Families Exploiting Google Cookie Exploit Through OAuth2 Functionality

2 minute read

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced…

byDeeba Ahmed

December 29, 2023

Microsoft Cloud Hit by OAuth-Fueled Cybercrime Spree

3 minute read

Microsoft: Storm-1283 Sent 927,000 Phishing Emails with Malicious OAuth Apps

Cloud Security Shakeup: Experts Urge Caution as OAuth Becomes Hacker Playground.

byDeeba Ahmed

December 14, 2023

Social Login Flaws in Popular Websites Risked Billions of User Accounts

4 minute read

Security

Social Login Flaws in Popular Websites Risked Billions of User Accounts

The critical API security flaws in the social sign-in and OAuth (Open Authentication) implementations affected high-profile companies like…

byDeeba Ahmed

October 24, 2023

2 minute read

New Spam Attack Abusing OAuth Apps to Target Microsoft Exchange Servers

According to Microsoft 365 Defender Research Team, in an incident they analyzed, malicious OAuth applications were deployed on compromised cloud tenants, and eventually, attackers took over Exchange servers to carry out spam campaigns.

byDeeba Ahmed

September 23, 2022

The Latest

Malicious Visual Studio Code Extensions Hide Trojan in Fake PNG Files

New ‘DroidLock’ Android Malware Locks Users Out, Spies via Front Camera

1inch Named Exclusive Swap Provider at Launch for Ledger Multisig

Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks

OAuth

Palo Alto Networks, Zscaler and PagerDuty Hit in Salesforce Linked Data Breaches

Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach

XSS and OAuth Combo Threatens Millions of Users Due to Hotjar Flaw

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

Microsoft: Storm-1283 Sent 927,000 Phishing Emails with Malicious OAuth Apps

New Spam Attack Abusing OAuth Apps to Target Microsoft Exchange Servers

1inch Named Exclusive Swap Provider at Launch for Ledger Multisig

INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps

INE Earns G2 Winter 2026 Badges Across Global Markets

Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing

Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM