A supply chain attack targeting the market intelligence platform Klue has resulted in the theft of OAuth tokens used by several high-profile organizations. The Icarus extortion group gained access to Klue's infrastructure by exploiting a dormant legacy credential for a prototype integration service. Once inside, the threat actors exfiltrated OAuth tokens that allowed them to query connected third-party environments, specifically targeting Salesforce CRM data. <a href="

Read the original article