LastPass breached via stolen OAuth tokens in Klue supply chain attack
Hackers accessed customer data from LastPass's Salesforce environment after compromising OAuth credentials through third-party vendor Klue earlier this month.
LastPass confirmed that attackers accessed customer data stored in its Salesforce environment following a supply chain compromise at Klue, a competitive intelligence platform. The breach occurred after hackers stole OAuth tokens that granted access to LastPass's Salesforce instance.
The incident stems from a broader supply chain attack targeting Klue, which provides sales intelligence services to multiple enterprise clients. LastPass disclosed that the stolen OAuth tokens allowed unauthorized access to customer information held within its Salesforce deployment, though the company has not specified the volume or sensitivity of exposed data.
This marks the latest security incident for LastPass, which has faced scrutiny over previous breaches. The company's reliance on third-party vendors for business operations created an attack surface that threat actors successfully exploited. OAuth tokens, which enable applications to access services without exposing passwords, have become a preferred target for sophisticated threat actors because they can provide persistent access to cloud environments.
- LastPass customers face potential exposure of account metadata and business information held in Salesforce.
- Organizations using Klue must audit OAuth token grants and review access logs for anomalies.
- Enterprises relying on third-party SaaS integrations should reassess vendor security postures and token management.
- Security teams should inventory OAuth grants across cloud platforms and implement token rotation policies.
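The grant inventory and rotation check recommended above can be sketched as follows. This is an added example, not code from LastPass, Klue or Salesforce: the record fields, app names, thresholds and policy rules are assumptions, and the inventory is constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory of third-party OAuth grants. Field names and
# app names are hypothetical; a real export would need mapping to this shape.
GRANTS = [
    {"app": "vendor-intel-connector", "user": "svc-integration",
     "scopes": ["full", "refresh_token"],
     "issued": "2024-01-10", "last_used": "2025-06-01"},
    {"app": "calendar-sync", "user": "alice", "scopes": ["api"],
     "issued": "2025-05-20", "last_used": "2025-06-02"},
    {"app": "old-reporting-tool", "user": "bob",
     "scopes": ["api", "refresh_token"],
     "issued": "2025-04-01", "last_used": "2025-04-02"},
]

def _day(value):
    """Parse a YYYY-MM-DD date as midnight UTC."""
    return datetime.strptime(value, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def audit_grants(grants, now, max_age_days=90, max_idle_days=30):
    """Return {(app, user): [reasons]} for grants that break the assumed policy."""
    findings = {}
    for grant in grants:
        reasons = []
        # Token older than the rotation window: revoke and re-issue.
        if now - _day(grant["issued"]) > timedelta(days=max_age_days):
            reasons.append("rotation_overdue")
        # Grant still valid but unused: candidate for revocation.
        if now - _day(grant["last_used"]) > timedelta(days=max_idle_days):
            reasons.append("idle")
        # Unrestricted scope gives a stolen token the user's full reach.
        if "full" in grant["scopes"]:
            reasons.append("broad_scope")
        # A refresh token lets the holder keep minting access tokens.
        if "refresh_token" in grant["scopes"]:
            reasons.append("refresh_token_present")
        if reasons:
            findings[(grant["app"], grant["user"])] = reasons
    return findings

if __name__ == "__main__":
    as_of = datetime(2025, 6, 3, tzinfo=timezone.utc)  # constructed audit date
    for (app, user), reasons in audit_grants(GRANTS, as_of).items():
        print(f"{app} ({user}): {', '.join(reasons)}")
```
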