Salesloft Breached via GitHub Account Compromise
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens.
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. [...]
In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry
GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. [...]
Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information
Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database
GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.
GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. [...]
Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations
GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. [...]