Tootfinder

»OAuth-Token erbeutet – Hacker greifen massig Daten aus Salesforce-Instanzen ab:
Cyberkriminelle haben es erneut auf Salesforce-Kunden abgesehen. Wer die Salesloft-Drift-Integration verwendet, sollte dringend handeln.«
Schon länger geht das Gerücht um, dass OAuth des öfteren schwach implementiert ist von den IT-Konzernen, wie schon bei OAuth v1 das als unsicher gilt.
🔒

OAuth-Token erbeutet: Hacker greifen massig Daten aus Salesforce-Instanzen ab - Golem.de
Cyberkriminelle haben es erneut auf Salesforce-Kunden abgesehen. Wer die Salesloft-Drift-Integration verwendet, sollte dringend handeln.

When you get the option to `Sign in with Google/Microsoft/Facebook` you're really using #OAuth. Aside from those platforms knowing what you're doing everywhere all the time, there are compelling reasons for both 3rd party services and users. (not many, but a few).
But if you DO link your #Microsoft /

Poor Software Product Management Chronicles: E-Auth, I-Auth, OAuth, Fuck Off
From the This Is Why We Can't Have Nice Things department. When you are registering or logging into an online or app service and they ...

The WriteFreely instance at Infosec.press is cool. It ties back to their infosec.exchange mastodon instance. Thinking about how finding a blog space has been a barrier to some of my protects in the past (noblogs is great but is harder to get an account), I wonder what the prospects are for something like that at @…. Is this something that's on the radar?
@… had a handy writeup on this for their server: https://infosec.press/jerry/how-to-user-mastodons-built-on-oauth-provider-as-the-authentication-provider

So someone just got access to a bunch of Salesforce accounts by getting their access tokens.
Salesforce is the company that claims that already 20% of their code is written by "AI", isn't it?
https://cloud.google.com/blog…

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift | Google Cloud Blog
UNC6395 stole data from Salesforce instances by exploiting compromised OAuth tokens from the Salesloft Drift app.

Salesloft says hackers stole OAuth tokens from its Drift chat agent integration to conduct a Salesforce data theft campaign between August 8 and August 18 (Lawrence Abrams/BleepingComputer)
https://www.bleepingcomputer.com/news/secu

Building a robust OAuth token based API Security: A High level Overview
Senthilkumar Gopal
https://arxiv.org/abs/2507.16870 https://arxiv.org/pdf/2507.1687…

Building a robust OAuth token based API Security: A High level Overview
APIs (Application Programming Interfaces) or Web Services are the foundational building blocks that enable interconnected systems. However this proliferation of APIs has also introduced security challenges that require systematic and scalable solutions for secure authentication and authorization. This paper presents the fundamentals necessary for building a such a token-based API security system. It discusses the components necessary, the integration of OAuth 2.0, extensibility of the token arc…

Updated #IOT #HomeAssistant #InternetOfTrash @… @… @…

Are you worried your #dotnet #security could be more secure? Join us for a #livestream on August 21st, 2025, to discuss FAPI 2.0, its relation to

#Discord apparently only accounted for OAuth links to activities to be posted, so when I posted a link to a Scatman John bot (don’t ask, or do if you want) it came out like this:

Cloudflare open sourced an OAuth library mostly written by Claude, showing how AI handles mechanical implementation while humans guide with context and judgment (Max Mitchell)
https://www.maxemitchell.com/writings/i-read-all-of-cloudflares…

Max Mitchell's Personal Portfolio Website
Max Mitchell's personal portfolio website showcasing his photography, YouTube videos, coding projects, and work history.