Dark Reading

Slack's Incoming Webhooks Can Be Weaponized in Phishing Attacks

Security researchers exploring attack vectors in collaboration platform Slack have discovered a way its Incoming Webhooks could be leveraged to launch phishing attacks against employees. Incoming ...
Mashable

Ouch: Some Slack developers have been exposing corporate data

If you perform a very specific query in the search field of online code repository Github, where many Slack bot projects are stored, you can get info that potentially lets you access a trove of ...
Hackaday

Cruising GitHub For Slack Webhook Tokens

GitHub is an incredibly powerful tool for sharing source code, and its value to the modern hacker can’t be overstated. But there’s at least one downside to effortlessly sharing your source: it’s now ...
PC World

Developers leak Slack access tokens on GitHub, putting sensitive business data at risk

Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams’ internal chats and other data at risk. Slack has become ...