21 Nov 2025
By Mary

InfoSec News Nuggets 11/21/2025

Salesforce alerts users to potential data exposure via Gainsight OAuth apps Salesforce reported “unusual activity” involving Gainsight published OAuth applications, warning that attackers may have used those integrations to access some customers’ Salesforce data even though the core Salesforce platform was not directly compromised. All tokens for the affected apps were revoked and the apps pulled from the AppExchange while the investigation continues. This incident underscores the risk posed by third party SaaS integrations and…
Read More
08 Oct 2025
By Mary

InfoSec News Nuggets 10/08/2025

Foreign threat actors adopting ChatGPT to bolster “old playbook” of attacks, OpenAI finds  But, in what may be considered good news for security teams, the AI start-up also says most threat actors appear to be playing it safe and sticking with "tried and true" methods previously used to carry out their attacks. “We continue to see threat actors bolt AI onto old playbooks to move faster, not gain novel offensive capability from our models,” the company…
Read More
07 Oct 2025
By Mary

InfoSec News Nuggets 10/07/2025

Thieves steal IDs and payment info after data leaks from Discord support vendor  Discord has confirmed customers' data was stolen – but says the culprit wasn't its own servers, just a compromised support vendor. The chat platform revealed late last week that an unnamed customer service vendor had been compromised, exposing support tickets and personal details submitted by users who had contacted Discord's help or Trust & Safety teams. The company stressed that its own systems were…
Read More
01 May 2023
By Mary

InfoSec News Nuggets 05/01/2023

Many Public Salesforce Sites are Leaking Private Data  A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in. Salesforce Community is a widely-used cloud-based software product that makes it easy for organizations to…
Read More
22 Nov 2019
By Mary

InfoSec News Nuggets 11/22/2019

1 - Midwest Gets First Cybercrime-Fighting Dog Police in Nebraska have recruited a highly trained dog to assist them in the fight against cybercrime. Two-year-old black Labrador Quinn has joined the Bellevue Police Department as the Midwest's first-ever electronic storage device K-9 officer. Unlike most sniffer dogs, who are taught to detect drugs, Officer Quinn has been specially trained to sniff out a particular chemical used in electronic devices like SIM cards, cell phones, and micro SD…
Read More
21 Nov 2019
By Mary

InfoSec News Nuggets 11/21/2019

1 - NTSB blames Uber’s 'inadequate safety culture' for self-driving fatality The NTSB has lambasted Uber's "inadequate safety culture" and "lack of risk assessment mechanisms" before its self-driving fatality. In March 2018, an autonomous 2017 Volvo XC90 struck and killed pedestrian Elaine Herzberg as she crossed the street in Tempe, Arizona. Officials have also assigned blame to the safety driver, who at the time was watching The Voice on her smartphone. NTSB chair Robert L. Sumwalt said "the collision was the last…
Read More