The Hacker News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.

SlashID Launches AI Identity Governance, the First Access Graph-Native Solution Built to Govern OAuth-Connected AI Apps, Agents, and MCP Servers

SlashID, the platform that secures every identity, today announced the launch of AI Identity Governance. This represents the ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
techtimes

From OAuth to JWT: Nikhil Chandrashekar's Comprehensive Guide to Secure Authentication

In today's interconnected digital world, secure authentication is paramount, forming the backbone of reliable and safe digital applications. As one of the industry's most seasoned experts and leaders, ...
Security Boulevard

ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts

What happened A third iteration of the ConsentFix attack technique has been circulating on hacker forums, introducing automation and scalability to a method that abuses Microsoft Azure’s OAuth2 ...

Learning from the Vercel breach: Shadow AI & OAuth sprawl

A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach ...

ConsentFix v3 attacks target Azure with automated OAuth abuse

A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding ...

Cloud development platform Vercel was hacked

The company says the attack originated from a compromised ‘third-party AI tool.’ ...
TechRadar

OAuth apps are being exploited to launch cyberattacks

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. In order for OAuth apps to work with cloud services, most of them request permission to access ...