Stolen OAuth Tokens Hit Security Firms, AryStinger Router Botnet Emerges, AI Deepfake Cyberstalking
Beauceron CEO David Shipley covers the latest news in this episode of Cybersecurity Today.
A breach at market intelligence platform Klue allowed attackers to steal OAuth tokens linking Klue to customers’ Salesforce environments, enabling quiet API-driven data extraction from firms including Huntress, Recorded Future, Tanium, and Jamf. Klue revoked tokens, removed the legacy integration credential involved, and engaged CrowdStrike as Icarus threatens extortion. The incident echoes earlier Salesforce token-theft campaigns affecting nearly 1,000 companies.
Researchers also detail AriStinger, a new botnet infecting 4,000+ end-of-life D-Link routers to scan, proxy, tunnel, execute commands, and hijack DNS, with many infections in South Korea and China.
The episode covers federal cyberstalking charges against an American man for allegedly using fake accounts and AI-generated nude images, and ESET’s report that the “Gentleman” ransomware crew is developing modular EDR-killing tools to disable endpoint defenses.