OAuth
-
Abandoned Sogou Zhuyin Update Server Hijacked to Deliver Espionage Malware, TAOTH Campaign Reveals
A June 2025 reveal shows attackers hijacking an abandoned Sogou Zhuyin update server to deploy multiple spyware and backdoors (TOSHIS, DESFY, GTELAM, C6DOOR) in a campaign targeting East Asia and overseas Chinese communities, with phishing and OAuth abuse used to gain access to high-value targets.
-
Salesloft breach linked to theft of Drift OAuth tokens used to access Salesforce, Google says UNC6395 behind attack
Hackers breached Salesloft to steal Drift OAuth and refresh tokens used for Salesforce integration, enabling data exfiltration from customer environments. Google’s threat intelligence assigns UNC6395 to the activity and notes credential theft across cloud services, with administrators urged to rotate credentials and reauthenticate Drift-Salesforce connections.
-
Security Flaw in OneDrive File Picker Exposes Users to Risks
A recently discovered vulnerability in Microsoft’s OneDrive File Picker may allow third-party apps to access users’ entire OneDrive storage without their clear consent, posing significant risks of data exposure and compliance violations.
