Wired

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

The office communication platform Slack is known for being easy and intuitive to use. But the company said on Friday that one of its low-friction features contained a vulnerability, now fixed, that ...
ZDNet

Slack bug granted hackers full access to accounts, messages

Slack has fixed a security flaw that let hackers steal user authentication tokens used to gain full and complete access to accounts and messages. Frans Rosén created a proof-of-concept exploit that ...
Bleeping Computer

Slack Bug Allowed Automating Account Takeover Attacks

Slack has fixed a security flaw that allowed hackers to automate the takeover of arbitrary accounts after stealing session cookies using an HTTP Request Smuggling CL ...
Threat Post

Critical Slack Bug Allows Access to Private Channels, Conversations

The RCE bug affects versions below 4.4 of the Slack desktop app. A critical vulnerability in the popular Slack collaboration app would allow remote code-execution (RCE). Attackers could gain full ...