3 matches found
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked...
Budibase Code Issue Vulnerability
Budibase is a low-code platform for creating in-house applications, workflows and admin panels in minutes, open-sourced by Budibase UK. A code issue vulnerability exists in Budibase versions prior to 2.4.3 that stems from the presence of a Server-Side Request Forgery (SSRF) vulnerability. An attacker...
CVE-2021-22969
Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS rebinding attack, giving an attacker the ability to fetch cloud IaaS (e.g., AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...