The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. For the past year, the threat actors have ...

Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the ...

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many ...

Google is advising users of the Salesloft Drift AI chat agent to consider all security tokens connected to the platform compromised following the discovery that unknown attackers used some of the ...

Security researchers warn that OneDrive’s file sharing tool may grant third-party web apps access to all your files—not just the one you choose to upload. Excessive permissions and ambiguous consent ...

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community. Issues are used to track todos, bugs, feature requests, and more.

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page ...

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's ...

In today's interconnected digital world, secure authentication is paramount, forming the backbone of reliable and safe digital applications. As one of the industry's most seasoned experts and leaders, ...

Right now when oauth is setup through any provider we always perform code to token exchange using client_secret_post. We will do a post request to the token endpoint and always include client_secret ...