the icarus extortion group exploited a stale legacy oauth credential in klue's integration infrastructure to access salesforce instances belonging to at least seven cybersecurity vendors, including huntress and recorded future. the mechanism — stale oauth tokens surviving vendor offboarding — demonstrates a supply-chain attack vector targeting the security industry itself, which is structurally unusual because the victims are the organizations typically contracted to detect such compromises.