Scope of Salesforce Attacks Expands as Icarus Leaks Data
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
At least four cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
CRM Data Theft Tied to OAuth Tokens Stolen From Third-Party Market Intelligence AppSalesforce disabled connections to its customer relationship management environment from third-party app Klue Battlecards as a response to a "security incident." Attackers breached Klue's platform, generated OAuth tokens for Salesforce and stole data, now being held to ransom.
Market intelligence platform Klue suffered a OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. [...]
Investigators Found Months of Unchecked Database Scraping ActivitySouth Korea's privacy regulator fined Coupang a record 624.7 billion won after concluding that weak authentication controls, insider access abuse, evidence destruction and unauthorized data collection contributed to the exposure of personal information belonging to 33.7 million people.
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]
A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lead to widespread impact across downstream customers. [...]
Article 9 of DORA makes authentication and access control a legal obligation for EU financial entities. Here is what the regulation requires, and what a breach looks like when those controls are missing. [...]
CEO suspects silicon sidekick behind 'surprising velocity' breach - cyber crims shop stolen data for $2M Vercel's CEO reckons the crooks behind its recent breach likely had a helping hand from AI, saying the attackers moved with "surprising velocity" and a deep understanding of the company's infrastructure.…
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
Attacker First Compromised AI Tool Used by Vercel Employee, Platform Provider FindsCloud platform provider Vercel said an attacker breached its systems and stole customer data after compromising a third-party agentic artificial intelligence tool used by an employee, called Context.ai, and stealing from it credentials and OAuth tokens tied to multiple services and customers.
An OAuth supply chain compromise at Vercel exposed how trusted third party apps and platform environment variables can bypass traditional defenses and amplify blast radius. This article examines the attack chain, underlying design tradeoffs, and what it reveals about modern PaaS and software supply chain risk.
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. [...]
Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against MarquisMarquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits.
Threat actor “Zestix” was able to breach around 50 firms using infostealers because they lacked multi-factor authentication
'I have compromised other known OAuth apps,' Shiny tells The Reg EXCLUSIVE ShinyHunters has claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers.…
Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs' Cazadora script helps uncover rogue apps before they lead to a breach. Dive deeper in their Tradecraft Tuesday sessions. [...]
The Salesloft Drift breach shows attackers don't need to "hack Google" — they just need to breach a trusted integration. Learn from Material Security how to secure OAuth, detect risky behavior, and protect data in Google Workspace. [...]
Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. [...]
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens.