
Salesforce disables Klue integration following OAuth token supply chain attack

Salesforce has disabled the Klue Battlecards app integration after a security breach at the competitive intelligence firm exposed customer data. The incident originated from a compromised legacy credential within Klue's infrastructure, which allowed an extortion group known as Icarus to push malicious code. This code collected OAuth tokens that customers use to connect Klue to their own environments, effectively bypassing standard authentication measures like passwords or multi-factor authentication.

IBM and Microsoft partner to automate identity threat response

IBM and Microsoft have launched a collaborative service designed to bridge the gap between detecting identity-based threats and executing governed remediation. The partnership integrates Microsoft’s security telemetry with IBM’s managed response services to address the rising volume of credential-based attacks. This solution specifically targets risks such as multi-factor authentication abuse, token theft, and unauthorized privilege escalation.

Anthropic eliminates static API keys with workload identity federation

Anthropic has announced the general availability of Workload Identity Federation (WIF) on the Claude Platform. This feature supports any OpenID Connect (OIDC) compliant identity provider, including AWS IAM, Azure managed identities, and Google Cloud Platform service accounts. It applies to all Claude API endpoints, first-party software development kits (SDKs), and Claude Code.
