Security news aggregator

Latest coverage for Slack

Slack is a workplace messaging platform whose integrations, permissions, and exposed data can affect organizational security and privacy.

11 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Slack is a hosted collaboration platform for workplace channels, direct messages, file sharing, and integrations with other services. It is security-relevant because workspaces can contain confidential discussions, credentials, personal data, and operational documents. Unauthorized account access, overly broad channel or guest permissions, and accidental external sharing can expose that content; retention settings may also determine how much information remains available after an incident.

Key attack surfaces include identity and session controls, OAuth applications, bots, webhooks, APIs, and Slack’s desktop, mobile, and browser clients. Security teams should enforce strong authentication, review app permissions and tokens, restrict external access, patch clients, and use audit logs and appropriate retention or data-loss controls. Advisories about client or API vulnerabilities should be assessed for affected versions, required access, and potential reach into workspace data. Investigations may need to examine application tokens, integration activity, and audit records as well as user credentials.

Volume over time

Weekly headline count for the current query.

Showing 11 most recent headlines Filtered view

Keeping it simple for the developers can lead to very complex headaches later PWNED Welcome back to PWNED, the column where we celebrate the people who’ve taught us how not to secure a server. If you’ve ever tied your own shoelaces together, then tripped over them, or attempted to dive into a swimming pool but hit your head on the diving board, we’ll be talking about your cyber equivalent.…

The Register 23 Apr 2026, 9:28 p.m. Slack

Google Sites lure leads to bogus root certificate Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google.com to steal developers' credentials and take over their systems.…

A 25-year-old California man pleaded guilty to stealing and dumping 1.1TB of data from the House of Mouse When someone stole more than a terabyte of data from Disney last year, it was believed to be the work of Russian hacktivists protesting for artist rights. We now know it was actually a 25-year-old California resident.…

Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued a list of the 15 most exploited vulnerabilities in 2023, and warned that attacks on zero-day exploits have become more common.…

Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks on zero-day exploits have become more common.…

Doctorow: 'The most amazing part is that this isn't already the way it's done' Collaboration software used by federal government agencies — this includes apps from Microsoft, Zoom, Slack, and Google — will be required to work together and be securely end-to-end encrypted, if legislation proposed by US Senator Ron Wyden (D-OR) passes.…

The Register 3 years, 9 months ago

Uber explains how it was pwned this month

From annoying MFA alerts to 'several internal systems' infiltrated Uber, four days after suffering a substantial cybersecurity breach, has admitted the attacker accessed "several internal systems" including the corporation's G Suite account, and downloaded internal Slack messages and a tool used by its finance department to manage "some" invoices.…