Bleeping Computer

Google warns Salesloft breach impacted some Workspace accounts

Google now reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access a small number of Google Workspace email accounts in ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Ars Technica

Microsoft Teams stores cleartext auth tokens, won’t be quickly patched

Microsoft's Teams client stores users' authentication tokens in an unprotected text format, potentially allowing attackers with local access to post messages and move laterally through an organization ...