ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
Tech.co

Best AI App Builders 2026: Build an Entire App in Minutes

There are plenty of places to look in the world of AI app builders and vibe coding. To get started quickly with an app, I’d recommend Lovable. Its simple approach to full-stack app development means ...
KRMG

Sand Springs could be home to new 800-acre data center called “Project Spring”

Some Sand Springs residents aren’t happy about a new 800-acre data center called “Project Spring” being considered by the city, but talks about the center have been tabled for now. A large-scale data ...
The Hacker News

Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform. "Our investigation indicates this activity may have enabled unauthorized ...
GitHub

Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
InfoQ

Building a RAG Application with Spring Boot, Spring AI, MongoDB Atlas Vector Search, and OpenAI

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Ars Technica

Hackers can steal 2FA codes and private messages from Android phones

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds. The new attack, named ...
Benzinga.com

Palo Alto Investigates Data Theft After Hackers Exploit Stolen OAuth Tokens

Palo Alto Networks (NASDAQ:PANW) confirmed a data breach after attackers used stolen OAuth tokens from the Salesloft Drift compromise to access its Salesforce Inc (NYSE:CRM) system. PANW is trading ...
Krebs on Security

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many ...
TechRepublic

Google Identifies ‘Widespread Data Theft’ Impacting Salesforce-Salesloft Drift Users

Google Identifies ‘Widespread Data Theft’ Impacting Salesforce-Salesloft Drift Users Your email has been sent A previously unidentified threat actor, UNC6395, has been linked to a recent breach ...
Infosecurity-magazine.com

New Data Theft Campaign Targets Salesforce via Salesloft App

Salesforce customers have again been targeted in a “widespread data theft campaign,” this time via compromised OAuth tokens associated with the third-party Salesloft Drift application. Salesloft Drift ...
The Hacker News

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent.