#OAuth
25 stories taggedOAuth.

Old, Silent GitHub Accounts Are Being Used to Quietly Map Companies
Datadog Security Labs says several overlapping scraping campaigns are cataloguing corporate GitHub organisations using dormant 'ghost' accounts and stolen tokens.

81 Million Login Attempts: A Massive Password Spray Attack Hit Microsoft 365 Users
Criminals hammered Microsoft accounts with automated login attempts for two weeks. At least 78 accounts were broken into — and many victims had multi-factor authentication switched on, just not set up correctly.

Drag, Drop, Hijacked: How 'ConsentFix' Steals Microsoft 365 Sessions in Seconds
A new twist on the ClickFix trick turns Microsoft's own sign-in prompts into a session-theft machine — and a step-by-step guide is now circulating on a Russian crime forum.

ToddyCat's New Umbrij Malware Pulls Gmail Straight From Google's API
Kaspersky ties the China-nexus crew to a Gmail-siphoning tool that skips the browser and talks to Google directly.

Klue Breach Compromises Salesforce Data via OAuth Token Theft
Unauthorized access exposes CRM data; threat actors exploit legacy credentials.

Klue Confirms OAuth Token Theft as 'Icarus' Crew Stakes Public Claim
The market intelligence vendor's disclosure adds another name to the lengthening list of Salesforce-adjacent SaaS breaches tied to stolen OAuth credentials.

Device Code Phishing Is Eating MFA. Behavioral Detection Is the Backstop.
Token theft and consent-grant abuse sidestep the second factor entirely. Defenders are leaning on anomaly detection because the login looks legitimate.

Shadow AI Is an IAM Problem Now, Not a DLP Problem
The risk isn't what employees paste into ChatGPT. It's what tokens, scopes, and service accounts the AI agents they spin up are quietly holding.

Salesforce Cuts Klue Battlecards Tie-In After OAuth Token Compromise
The CRM giant pulled the competitive-intelligence app's integration on June 11 following a security incident that exposed connected customer data.

The Week Identity Attacks Started Looking Like SaaS
Worm kits in public repos, a subscription RAT that clones live browser sessions, and AI agents that hand over credentials when asked nicely.

Infostealers Are Now the Front Door for Ransomware Gangs
Credential theft at industrial scale has made exploit-based initial access look quaint. Here's why stolen session tokens are reshaping the attack chain.

When the Pentest Report Goes Quiet, Start Worrying
Stable findings aren't the same as a stable attack surface — and identity paths are usually what the scanners stop seeing first.

One-Click VS Code Flaw Exposed GitHub OAuth Tokens to Theft
A researcher-disclosed bug in Microsoft's browser-based VS Code variant let a single crafted link siphon tokens with read/write access to private repos.

Lookalike Open-Source Portals Are SEO-Climbing Their Way to Malware Delivery
A Traffic Distribution System fronts fake project sites to drop Remus Stealer, AnimateClipper, and the SessionGate framework. None of this is an auth problem — but the stolen sessions afterward absolutely are.

GitHub's Browser VSCode Handed Attackers a Skeleton Key to Your Private Repos
An unscoped OAuth token, a Jupyter notebook, and a skipped publisher trust check. That's all it took.