9 articles tagged with "Oauth"
Attackers exploited a compromised Klue Battlecards integration to steal Salesforce CRM data from enterprises including Huntress. Salesforce has disabled the app connection.
A vulnerability in GitHub.dev allowed attackers to steal GitHub OAuth tokens with full repo access via a single malicious link. Microsoft patched the flaw within 24 hours.
New phishing-as-a-service platform bypasses MFA via OAuth device code flow. FBI PSA details how Kali365's AI-generated lures and $250/month pricing are enabling widespread credential theft.
New ConsentFix v3 attack automates Microsoft Azure OAuth credential theft using Pipedream webhooks and Cloudflare phishing pages. Pre-trusted apps bypass MFA entirely.
AiTM and token theft attacks hit 40,000 daily incidents in 2026. CISA warns OAuth tokens bypass MFA, enabling invisible lateral movement across SaaS apps.
Compromised Google Workspace OAuth app 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj breached Vercel, exposing API keys and source code. Hackers demand $2M; audit Workspace apps and rotate credentials.
Security researchers expose 108 malicious Chrome extensions operating under five fake publishers, stealing Google OAuth tokens, Telegram sessions, and injecting ads. Over 20,000 users affected.
EvilTokens phishing platform targets Microsoft 365 identities across US, Canada, Australia, New Zealand, and Germany. OAuth abuse bypasses MFA to steal access tokens.
Classic Outlook users can finally sync Gmail again after Microsoft resolves OAuth token issue that blocked email synchronization since February 26. Here's what happened and how to restore access.