Tag

#OAuth

25 stories taggedOAuth.

Full-frame edge-to-edge photoreal news-editorial shot of a dim server room aisle at night, rows of dark server racks with faint green and amber status lights re
Threat Intelligence

Old, Silent GitHub Accounts Are Being Used to Quietly Map Companies

Datadog Security Labs says several overlapping scraping campaigns are cataloguing corporate GitHub organisations using dormant 'ghost' accounts and stolen tokens.

3 min
Extreme close-up of a server rack's blinking status lights in a darkened data centre, rows of ethernet cables in cool blue and amber tones, shallow depth of fie
Identity & Access

81 Million Login Attempts: A Massive Password Spray Attack Hit Microsoft 365 Users

Criminals hammered Microsoft accounts with automated login attempts for two weeks. At least 78 accounts were broken into — and many victims had multi-factor authentication switched on, just not set up correctly.

3 min
Photoreal editorial close-up of a laptop screen showing a generic blurred cloud sign-in prompt, a translucent glowing link being dragged across the screen by a
Identity & Access

Drag, Drop, Hijacked: How 'ConsentFix' Steals Microsoft 365 Sessions in Seconds

A new twist on the ClickFix trick turns Microsoft's own sign-in prompts into a session-theft machine — and a step-by-step guide is now circulating on a Russian crime forum.

4 min
Full-frame edge-to-edge photoreal editorial image of a darkened data center corridor with a single amber warning light reflecting off polished server racks, an
Threat Intelligence

ToddyCat's New Umbrij Malware Pulls Gmail Straight From Google's API

Kaspersky ties the China-nexus crew to a Gmail-siphoning tool that skips the browser and talks to Google directly.

3 min
Breaches

Klue Breach Compromises Salesforce Data via OAuth Token Theft

Unauthorized access exposes CRM data; threat actors exploit legacy credentials.

2 min
Breaches

Klue Confirms OAuth Token Theft as 'Icarus' Crew Stakes Public Claim

The market intelligence vendor's disclosure adds another name to the lengthening list of Salesforce-adjacent SaaS breaches tied to stolen OAuth credentials.

3 min
Identity & Access

Device Code Phishing Is Eating MFA. Behavioral Detection Is the Backstop.

Token theft and consent-grant abuse sidestep the second factor entirely. Defenders are leaning on anomaly detection because the login looks legitimate.

3 min
Identity & Access

Shadow AI Is an IAM Problem Now, Not a DLP Problem

The risk isn't what employees paste into ChatGPT. It's what tokens, scopes, and service accounts the AI agents they spin up are quietly holding.

3 min
Cloud Security

Salesforce Cuts Klue Battlecards Tie-In After OAuth Token Compromise

The CRM giant pulled the competitive-intelligence app's integration on June 11 following a security incident that exposed connected customer data.

2 min
Identity & Access

The Week Identity Attacks Started Looking Like SaaS

Worm kits in public repos, a subscription RAT that clones live browser sessions, and AI agents that hand over credentials when asked nicely.

3 min
Identity & Access

Infostealers Are Now the Front Door for Ransomware Gangs

Credential theft at industrial scale has made exploit-based initial access look quaint. Here's why stolen session tokens are reshaping the attack chain.

2 min
Identity & Access

When the Pentest Report Goes Quiet, Start Worrying

Stable findings aren't the same as a stable attack surface — and identity paths are usually what the scanners stop seeing first.

3 min
Vulnerabilities

One-Click VS Code Flaw Exposed GitHub OAuth Tokens to Theft

A researcher-disclosed bug in Microsoft's browser-based VS Code variant let a single crafted link siphon tokens with read/write access to private repos.

3 min
Identity & Access

Lookalike Open-Source Portals Are SEO-Climbing Their Way to Malware Delivery

A Traffic Distribution System fronts fake project sites to drop Remus Stealer, AnimateClipper, and the SessionGate framework. None of this is an auth problem — but the stolen sessions afterward absolutely are.

2 min
Vulnerabilities

GitHub's Browser VSCode Handed Attackers a Skeleton Key to Your Private Repos

An unscoped OAuth token, a Jupyter notebook, and a skipped publisher trust check. That's all it took.

3 min
© 2026 Threat Vectr