Security news aggregator

Latest coverage for Slack

Slack is a workplace messaging platform whose integrations, permissions, and exposed data can affect organizational security and privacy.

2 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Slack is a hosted collaboration platform for workplace channels, direct messages, file sharing, and integrations with other services. It is security-relevant because workspaces can contain confidential discussions, credentials, personal data, and operational documents. Unauthorized account access, overly broad channel or guest permissions, and accidental external sharing can expose that content; retention settings may also determine how much information remains available after an incident.

Key attack surfaces include identity and session controls, OAuth applications, bots, webhooks, APIs, and Slack’s desktop, mobile, and browser clients. Security teams should enforce strong authentication, review app permissions and tokens, restrict external access, patch clients, and use audit logs and appropriate retention or data-loss controls. Advisories about client or API vulnerabilities should be assessed for affected versions, required access, and potential reach into workspace data. Investigations may need to examine application tokens, integration activity, and audit records as well as user credentials.

Showing 2 most recent headlines Filtered view
Bank Info Security 1 year, 10 months ago

Slack Patches Prompt Injection Flaw in AI Tool Set

Hackers Could Exploit Bug to Manipulate Slack AI's LLM to Steal DataChat app Slack patched a vulnerability in its artificial intelligence tool set that hackers could have exploited to manipulate an underlying large language model to phish employees and steal sensitive data. Slack said it was a low-severity bug.