Zapocalypse: The Attack Chain That Could Have Hijacked Zapier
Source: www.token.security
<p>Starting from a sandboxed Python code block on Zapier's free tier, the Token Security research team walked a five-step chain that ended with node package manager (NPM) publishing rights to zapier-design-system, a private package that ships JavaScript into every authenticated Zapier user's browser.</p>