<style>/*<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5925999397593177003&zx=bfd5dd9e-f8f8-40a9-9fa6-3070688a43d6' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5925999397593177003&zx=bfd5dd9e-f8f8-40a9-9fa6-3070688a43d6' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2460228594947362&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-2460228594947362 -->

</head><body>*/</style>

Klue OAuth breach victim list grows as Icarus hackers claim attack

Sp123

21 Jun, 2026

Lawrence Abrams reports: Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack. The disclosure comes after cybersecurity firms Huntress and ReliaQuest detailed how attackers abused compromised Klue Battlecards integrations to steal Salesforce…

Introduction to Malware Binary Triage (IMBT) Course

Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.

Article Link: https://databreaches.net/2026/06/21/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/?pk_campaign=feed&pk_kwd=klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack

1 post - 1 participant

Read full topic

Malware Analysis, News and Indicators - Latest topics

Sp123

"An underestimated security threat to organizations is employee apathy and burn out.‌‌"

<style>/*
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/387437488-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AEUoTZpsgNbJY0N8FH6klKpVmmzL:1782065011909';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d5925999397593177003','//www.sharitsec.eu.org/2026/06/klue-oauth-breach-victim-list-grows-as.html','5925999397593177003');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '5925999397593177003', 'title': 'SharITSec', 'url': 'https://www.sharitsec.eu.org/2026/06/klue-oauth-breach-victim-list-grows-as.html', 'canonicalUrl': 'https://www.sharitsec.eu.org/2026/06/klue-oauth-breach-victim-list-grows-as.html', 'homepageUrl': 'https://www.sharitsec.eu.org/', 'searchUrl': 'https://www.sharitsec.eu.org/search', 'canonicalHomepageUrl': 'https://www.sharitsec.eu.org/', 'blogspotFaviconUrl': 'https://www.sharitsec.eu.org/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en-GB', 'localeUnderscoreDelimited': 'en_gb', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22SharITSec - RSS\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/5925999397593177003/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/5004585527314715647/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-2460228594947362', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/cd96ebb13b57568d', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Share to X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en_GB\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'item', 'postId': '5004585527314715647', 'postImageUrl': 'https://databreaches.net/wp-content/plugins/wp-piwik/proxy/matomo.php?idsite\x3d11\x26rec\x3d1\x26url\x3dhttps%3A%2F%2Fdatabreaches.net%2F2026%2F06%2F21%2Fklue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack%2F%3Fpk_campaign%3Dfeed%26pk_kwd%3Dklue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack\x26action_name\x3dKlue%20OAuth%20breach%20victim%20list%20grows%20as%20Icarus%20hackers%20claim%20attack\x26urlref\x3dhttps%3A%2F%2Fdatabreaches.net%2Ffeed%2F', 'pageName': 'Klue OAuth breach victim list grows as Icarus hackers claim attack', 'pageTitle': 'SharITSec: Klue OAuth breach victim list grows as Icarus hackers claim attack', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard', 'ok': 'Ok', 'postLink': 'Post link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Klue OAuth breach victim list grows as Icarus hackers claim attack', 'description': 'Welcome to the website \x22sharitsec.eu.org\x22 a gathering place for information and learning news about hacking.', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_upcUPQyWaG2Sa4ar6TwvuT41-3wcRX-1AJ_vjLQW1Sf3VqhidaDuxAL71uH_liT6BMkQK0jrgFlXqndKeZqJJNMfm5vzH-S0d3WONtnkeASl1hieKqV0T9lnBdXCAcUeOJYOx5JZMnnFr3xM95aJve4yKHrhrjRgzH0JLKzA8gal2FIUiqOgvj4kUf0UcCHL1jv1pjNThyUGh4gnMe8-JVmkJYEnsyBD17a0SSIzE4gtXa2pDAVi8j8MhLEBb8B0TR4lLHDXq9bFuW_tknPGIDHL76_6pfskxRrgnWaHnu3F_ChCZi74kE2YlTA6gR3vHofcc9bQOz6W_e5tk8fuV213LMUJnGgP5Q9j9h8nEr0DKYgZxeC-2UNghTvmKbZTcG_ff-C9Zi5WTXWBLSxKuUxLFER5B3w45OTAsFRK9EEBI_eG2wvceA-hbNVb7hru0JPXcQJxbWEXD1eE6Fmjmx6gaEbvUow0XRZwD6E8SLsInfyyijrgCdObJTYXUJ646bd5IuYE_r3YaQ1b1B1i-E8_g_yPAi_ypBP2B5whdHV2x5tnRu0GKDP9Tp8foyclBhUDRwYUlCSoulqPF3WAEET9AVtCpw6U2DX2RokrORx3Dy577qMzYfHM97Y304bHRl6_yOZVKc553CpQ', 'url': 'https://www.sharitsec.eu.org/2026/06/klue-oauth-breach-victim-list-grows-as.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 5004585527314715647}}, {'name': 'widgets', 'data': [{'title': 'Pagination', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML8'}, {'title': 'Template License', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML7'}, {'title': 'Popular', 'type': 'PopularPosts', 'sectionId': 'upload-image', 'id': 'PopularPosts1', 'posts': [{'title': 'Meta\u2019s AI support bot happily handed Instagram accounts to hackers', 'id': 3727197823558971927}, {'title': 'Own Goal? Piracy as an Attack Vector to Target Football Fans', 'id': 5001962553457515949}, {'title': 'MSP Onboarding Best Practices That Actually Scale', 'id': 6577686364987397319}]}, {'title': 'Your Css', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML9'}, {'title': 'About Me', 'type': 'Profile', 'sectionId': 'upload-image', 'id': 'Profile1'}, {'title': 'Your Javascript', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML6'}, {'title': 'Google analytics', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML5'}, {'title': 'Navbar Menu', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML2'}, {'title': 'Icons, Dark, Search', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList10'}, {'title': 'Menu', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList11'}, {'title': 'Featured Post', 'type': 'FeaturedPost', 'sectionId': 'before-blog', 'id': 'FeaturedPost1', 'postId': '5004585527314715647'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'blog-post', 'id': 'Blog1', 'posts': [{'id': '5004585527314715647', 'title': 'Klue OAuth breach victim list grows as Icarus hackers claim attack', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_upcUPQyWaG2Sa4ar6TwvuT41-3wcRX-1AJ_vjLQW1Sf3VqhidaDuxAL71uH_liT6BMkQK0jrgFlXqndKeZqJJNMfm5vzH-S0d3WONtnkeASl1hieKqV0T9lnBdXCAcUeOJYOx5JZMnnFr3xM95aJve4yKHrhrjRgzH0JLKzA8gal2FIUiqOgvj4kUf0UcCHL1jv1pjNThyUGh4gnMe8-JVmkJYEnsyBD17a0SSIzE4gtXa2pDAVi8j8MhLEBb8B0TR4lLHDXq9bFuW_tknPGIDHL76_6pfskxRrgnWaHnu3F_ChCZi74kE2YlTA6gR3vHofcc9bQOz6W_e5tk8fuV213LMUJnGgP5Q9j9h8nEr0DKYgZxeC-2UNghTvmKbZTcG_ff-C9Zi5WTXWBLSxKuUxLFER5B3w45OTAsFRK9EEBI_eG2wvceA-hbNVb7hru0JPXcQJxbWEXD1eE6Fmjmx6gaEbvUow0XRZwD6E8SLsInfyyijrgCdObJTYXUJ646bd5IuYE_r3YaQ1b1B1i-E8_g_yPAi_ypBP2B5whdHV2x5tnRu0GKDP9Tp8foyclBhUDRwYUlCSoulqPF3WAEET9AVtCpw6U2DX2RokrORx3Dy577qMzYfHM97Y304bHRl6_yOZVKc553CpQ', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}]}, 'footerBylines': [{'regionName': 'footer2', 'items': [{'name': 'labels', 'label': 'Labels:'}]}], 'allBylineItems': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': 'Labels:'}]}, {'title': '#You may also like', 'type': 'HTML', 'sectionId': 'ads-post', 'id': 'HTML15'}, {'title': '', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML25'}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar-static', 'id': 'PopularPosts10', 'posts': [{'title': 'Cybercrime Statistics 2026 (Updated) | Global Trends, Data Breaches, AI Risks \x26 Future Threats', 'id': 6803482657690734853}, {'title': 'Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)', 'id': 6053640534990402103}, {'title': 'Top 10 Ransomware Groups of 2025', 'id': 274340544664394912}, {'title': 'Reverse engineering Apple\u2019s silent security fixes', 'id': 3140187575413931948}, {'title': 'Ducks Now Sitting (DNS): Internet Infrastructure Insecurity', 'id': 1965778115597708690}, {'title': 'Chrome flaw let extensions hijack Gemini\u2019s camera, mic, and file access', 'id': 2229763588564083491}, {'title': 'Did Iranian hackers cause operational disruptions to water and wastewater systems in the USA?', 'id': 3618585946909588976}, {'title': 'Pirated PC games are delivering password-stealing malware', 'id': 4000629304060358976}, {'title': 'Bitdefender Recognized in the 2026 Gartner\xae Europe Context: Magic Quadrant\u2122 for Endpoint Protection', 'id': 5904789729999885084}, {'title': 'UNC1549 TTPs: Iranian APT Targeting Aerospace and Defense', 'id': 6872739138464821483}]}, {'title': 'Archive', 'type': 'BlogArchive', 'sectionId': 'sidebar-static', 'id': 'BlogArchive10'}, {'title': '#Recent Post', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML19'}, {'title': 'Copyright', 'type': 'HTML', 'sectionId': 'copyright', 'id': 'HTML23'}, {'title': 'SVG Icons', 'type': 'HTML', 'sectionId': 'jet-options', 'id': 'HTML24'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML8', 'upload-image', document.getElementById('HTML8'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML7', 'upload-image', document.getElementById('HTML7'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'upload-image', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML9', 'upload-image', document.getElementById('HTML9'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ProfileView', new _WidgetInfo('Profile1', 'upload-image', document.getElementById('Profile1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML6', 'upload-image', document.getElementById('HTML6'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML5', 'upload-image', document.getElementById('HTML5'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML2', 'upload-image', document.getElementById('HTML2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'header-main', document.getElementById('LinkList10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList11', 'header-main', document.getElementById('LinkList11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_FeaturedPostView', new _WidgetInfo('FeaturedPost1', 'before-blog', document.getElementById('FeaturedPost1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'blog-post', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/1793375781-lbx__en_gb.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/828616780-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML15', 'ads-post', document.getElementById('HTML15'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML25', 'sidebar-static', document.getElementById('HTML25'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts10', 'sidebar-static', document.getElementById('PopularPosts10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogArchiveView', new _WidgetInfo('BlogArchive10', 'sidebar-static', document.getElementById('BlogArchive10'), {'languageDirection': 'ltr', 'loadingMessage': 'Loading\x26hellip;'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML19', 'sidebar-static', document.getElementById('HTML19'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML23', 'copyright', document.getElementById('HTML23'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML24', 'jet-options', document.getElementById('HTML24'), {}, 'displayModeFull'));
</script>
</body>*/</style>