Salesforce failed to address the massive wave of OAuth breaches at its Dreamforce conference, but securing third-party authentication is paramount for the agentic future it seeks.

In my view, this is the gunpowder moment in cybersecurity: Attackers who embrace AI stand to gain a massive, immediate advantage.

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

Alerts never stop, cloud blind spots keep multiplying, and now attackers are using AI to scale faster than human defenders ever could. And so the SOCs are drowning.

Farmers Insurance's 1.1 million-person breach shows why insurers must abandon prevention-focused security and implement rapid detection strategies.||Farmers Insurance's 1.1 million-person breach shows why insurers must abandon prevention-focused security and implement rapid detection strategies.

Things that continue to elude scientific observation: the Loch Ness Monster, Bigfoot and the ransomware hacker who voluntarily chose retirement. There's no such thing as 'retirement' in cybercrime, despite some ransomware hackers dangling promises to leave the field.

Mitiga Labs began investigating a series of suspicious activities targeting Salesforce environments well before the news broke publicly. It all started with traffic from Tor exit nodes interacting with Salesforce via an app called Drift. Is this normal behavior? What is Drift? And how do we assess its legitimacy? This is where the challenge of shadow IT surfaces – security operations teams are often left scrambling to determine whether such activity is authorized or a sign of compromise.