Authentication Tokens
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. Salesloft’s SalesDrift is a third-party platform that connects the Drift AI chat agent with a Salesforce instance, allowing organizations to sync conversations, leads, and support cases into […]
‘Stargazers’ use fake Minecraft mods to steal player passwords
A large-scale malware campaign specifically targets Minecraft players with malicious mods and cheats that infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets. The campaign, discovered by Check Point Research, is conducted by the Stargazers Ghost Network and leverages the Minecraft massive modding ecosystem and legitimate services like GitHub to reach a […]
Education giant Pearson hit by cyberattack exposing customer data
Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, GeekFeed has learned. Pearson is a UK-based education company and one of the world’s largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its […]
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
A proof-of-concept attack called “Cookie-Bite” uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. The attack was devised by Varonis security researchers, who shared a proof-of-concept (PoC) method involving a malicious and a legitimate Chrome […]
Internet Archive breached again through stolen access tokens
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. Since last night, GeekFeed has received numerous messages from people who received replies to their old Internet Archive removal requests, warning that the organization has been breached as they did […]