This repository is a read-only mirror, published from Databricks' internal repository with each release. Pull requests are reviewed here but merged internally (see CONTRIBUTING.md). The Databricks SDK ...
An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...
ReliaQuest observed attackers generating OAuth tokens and using Python scripts to query Salesforce's API for extended periods, as data was stolen. Huntress later disclosed that its own Salesforce ...
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To ...
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving ...
Low-code cloud services that allow users to create and run their own sandboxed code could be compromised by multistep exploit chains, leading to a complete platform takeover, if software-as-a-service ...
Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft. Five attack surfaces mapped.
This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and security checks needed.
Between May 6 and 7, four security research teams published findings about Anthropic’s Claude that most outlets covered as three separate stories. One involved a water utility in Mexico, another ...
A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...
Microsoft has warned organizations about ongoing OAuth abuse scams that use phishing emails and URL redirects to infect victims' machines with malware and take over their devices. The phishing ...
Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and ...