In recent weeks, major companies like Palo Alto Networks, Zscaler, Cloudflare, and SpyCloud have all confirmed they were affected by a string of cyberattacks that began with Salesforce. Or at least, ...

Salesloft breach shows how OAuth tokens abused by trusted apps enable data exposure, underscoring the need for Zero Trust and ...

CRM giant denies security shortcomings as claims allege stolen data used for ID theft Updated  Salesforce is facing a wave of ...

Heroku has alerted a "subset" of its users that it is going to reset their passwords on May 4 unless they change passwords beforehand. In resetting the password, the company is warning that existing ...

Salesforce-owned PaaS vendor Heroku and GitHub have both warned that compromised OAuth user tokens were likely used to download private data from organizations using Heroku and continuous integration ...

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, ...

In the recent attack on Twitter in which information for about 250,000 users was compromised, Twitter’s forced password reset may not have been enough to fix the problem, writes the blog Talking ...

MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--The Open Financial Exchange TM (OFX) Consortium today released OFX 2.2 for public comment. The updated specification offers financial institutions safe and ...

GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. The attacker used stolen OAuth ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...