Zapocalypse: Multi-Stage Account Takeover Exploit in Zapier

The "Zapocalypse" exploit is a critical privilege escalation chain targeting Zapier's "Code by Zapier" Python execution feature. Threat actors abuse the intended functionality of the Python sandboxed environment and the platform primitives it exposes to escape the restricted execution context and achieve full Account Takeover (ATO). This logic-based exploit lets attackers hijack user sessions and subsequently compromise every third-party SaaS application integrated via API into the affected Zapier account. Zapier has since deployed a patch to remediate the vulnerability.
