CSO Online

Klue breach exposed Salesforce CRM data through stolen OAuth tokens

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...
Dark Reading

Salesforce Data Thefts Continue via Klue App Compromise

More Salesforce instances have been breached by threat actors abusing a third-party application integration, this time through Klue's Battlecards app. The attacks, which are the latest in a series of ...
DataBreachToday

Attackers Steal Salesforce Data From Klue Battlecards Users

Salesforce disabled connections to its customer relationship management environment from third-party app Klue Battlecards as ...
InfoQ

Azure Functions Ships Serverless Agents Runtime at Build 2026

Azure Functions shipped a serverless agents runtime in public preview at Build 2026. Agents are defined in .agent.md markdown ...
Bleeping Computer

Microsoft links Mastra AI supply chain attack to North Korean hackers

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

fastjson_v1-2-68_RCE_利用链复现.md

首先需要知道的是, 这是一条任意文件写入的利用链 (不受 autotype 限制), 而写入一个 jsp ...