A supply chain attack targeting the market intelligence platform Klue has resulted in the theft of OAuth tokens used by several high-profile organizations. The Icarus extortion group gained access to Klue's infrastructure by exploiting a dormant legacy credential for a prototype integration service. Once inside, the threat actors exfiltrated OAuth tokens that allowed them to query connected third-party environments, specifically targeting Salesforce CRM data.

Source

Microsoft is updating the sign-in experience for personal accounts by requiring users to manually type a two-digit code into the Authenticator app. This replaces the previous method where users simply chose the correct number from three visible options on their mobile device. The change is being rolled out gradually to ensure all users eventually transition to this more deliberate verification process.

Source

Et si votre mot de passe aléatoire « généré par IA » était en réalité plus prévisible que vous ne le pensez ? Derrière des chaînes en apparence complexes, les modèles reproduisent des schémas récurrents et manquent d’un ingrédient clé : le hasard. Résultat, une nouvelle surface d’attaque à grande échelle.