Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: data-theft (5 articles)Clear

Attackers abuse OpenAI organization invites to phish data from security firms

Push Security reports that attackers are creating OpenAI organizations that impersonate legitimate companies and inviting employees, including at cybersecurity firms, to join them, aiming to trick people into entering sensitive company information into chats and projects under attacker control. The danger is that the invitations come from OpenAI's own infrastructure, so they are genuine messages and slip past email security controls that would catch ordinary phishing. It is a reminder that trusted SaaS platforms can be turned into phishing channels through their normal invitation features, where the message itself is legitimate even though the inviting organization is fraudulent. Verification of unexpected invites is the key defense.

Check
Tell staff to treat unexpected invitations to join an organization on OpenAI or other SaaS platforms with suspicion, and monitor which external organizations employees' work accounts have joined.
Affected
Employees, including at security firms, who receive genuine-looking organization invitations from SaaS platforms; data typed into an attacker-controlled organization's chats or projects is exposed to the attacker.
Fix
Train staff to verify unexpected SaaS organization invitations through a separate channel, monitor SaaS organization memberships, and set policies on which platforms and tenants employees may join with work accounts.

Chrome ad blocker with 10 million installs hides dormant code-injection capability

Researchers at Island found that a popular Chrome extension, "Adblock for YouTube," with more than 10 million installs and a Featured badge, contains the machinery to run arbitrary JavaScript on any website the user visits. The extension works as advertised, but it can fetch a rule from its server that creates script elements with attacker-supplied content, giving access to page data, sessions, and forms. The capability is dormant, not absent: switching it on takes a single server-side change, with no extension update and no store review. The add-on changed ownership years ago, requests access to all sites, and is linked to other extensions previously pulled for malware.

Check
Inventory browser extensions across the organization, flag high-permission ones like ad blockers that request access to all sites, and identify extensions that fetch configuration or rules from external servers.
Affected
Anyone using the 'Adblock for YouTube' Chrome extension or similar high-install add-ons with all-site access and server-controlled logic; a single server change could turn them into code-injection tools.
Fix
Remove or restrict extensions whose permissions exceed their purpose, prefer those with self-contained rules over server-controlled ones, enforce an extension allowlist, and monitor for ownership and permission changes.

Stolen Klue OAuth tokens let 'Icarus' group raid Salesforce data

A new extortion group called Icarus stole Salesforce CRM data from multiple organizations by abusing Klue, a competitive-intelligence app that integrates with Salesforce. Attackers compromised Klue's backend through a dormant credential, pushed a malicious update that harvested customers' OAuth tokens, and used those tokens to run automated queries against Salesforce's API, exfiltrating contacts, sales communications, and account data over about a day. Salesforce has disabled the Klue Battlecards integration. It is the same OAuth-abuse playbook seen in the Salesloft Drift and Gainsight incidents, exploiting trusted third-party integrations that carry broad, lightly-monitored access. Researchers expect more such attacks through 2026.

Check
Inventory third-party apps connected to your Salesforce and other SaaS, especially Klue, review their OAuth scopes, and hunt API logs for unusual query volume or access from unexpected integrations.
Affected
Organizations using Klue's Salesforce integration, and more broadly any business relying on third-party SaaS integrations whose OAuth tokens grant broad, under-monitored access to CRM and other sensitive data.
Fix
Revoke and rotate OAuth tokens for Klue and other affected integrations, terminate active sessions, restrict integration and API access to known infrastructure, and continuously monitor SaaS integration activity for anomalies.

Dashlane confirms attackers downloaded encrypted vaults of fewer than 20 users in brute-force campaign; Master Password still protects data

Dashlane has updated its brute-force-attack disclosure with a material escalation: attackers successfully downloaded a copy of the encrypted vaults belonging to fewer than 20 personal-plan users. The campaign aimed to break two-factor authentication and register new devices on existing accounts; the high volume of attempts triggered the temporary suspensions reported earlier. Dashlane says it directly notified each affected user and that anyone who did not receive a vault-risk message is unaffected. Crucially, vault data cannot be decrypted without the Master Password, so unless a password is trivial and predictable, cracking attempts are unlikely to succeed. Dashlane's internal systems were not compromised. Users should review registered devices and enable 2FA.

Check
If your team uses Dashlane, confirm whether anyone received a vault-risk notification. For notified users, treat the encrypted vault as exposed and rotate all stored credentials promptly.
Affected
Fewer than 20 Dashlane personal-plan users whose encrypted vaults were downloaded. Vaults are useless without the Master Password; weak or predictable Master Passwords are the residual risk.
Fix
Notified users: rotate every stored credential and change the Master Password to a long, unique one. All users: review registered devices, remove unknown ones, and enable 2FA.

Malicious npm package 'mouse5212-super-formatter' steals files from Claude AI /mnt/user-data directory, exfiltrates to attacker GitHub via postinstall

OX Security has flagged a malicious npm package, mouse5212-super-formatter (campaign codenamed Malware-Slop), designed to exfiltrate files from /mnt/user-data - the directory Anthropic's Claude uses to handle uploads and outputs. The package presents itself as an 'archive deployment sync' utility but, during the postinstall stage, authenticates to GitHub using a token found in the victim's environment (or a hard-coded fallback), creates an attacker-controlled repository, and recursively uploads every local file. It writes a fake 'network connections' log to disguise the theft. The package leaked its own GitHub token, suggesting AI-generated malware with poor OPSEC. It has ~676 downloads and remains live on npm.

Check
Search npm install logs and CI/CD for mouse5212-super-formatter. On any host that ran it, audit /mnt/user-data access and outbound GitHub API calls. Rotate exposed GitHub tokens.
Affected
Developers and AI-tooling users who installed mouse5212-super-formatter (676 downloads, still live). Systems with Claude's /mnt/user-data directory and a GitHub token in the environment are the target.
Fix
Remove the package and pin dependencies via lockfile. Rotate every GitHub token reachable from affected hosts. Treat uploaded/output files in /mnt/user-data as potentially exfiltrated.