A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lead to widespread impact across downstream customers. […]
Tag: OAuth
Data Breaches, Global Security News
Vercel Employee’s AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, “are the new attack surface, the new lateral movement,” a researcher noted.
Global Security News
Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. […]
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector
ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams. Key Takeaways OAuth Device Code phishing is rising rapidly. Campaigns abusing Microsoft’s Device…
AI, Apps, Exploits, Global Security News, Risk Management
OAuth vulnerability in n8n automation platform could lead to system compromise
A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, researchers at Imperva have discovered. Setting up OAuth allows n8n to connect to services such as Google Workspace, Microsoft 365, Slack, or GitHub without having to expose service passwords. This is core to automation platforms like…
AI, Global Security News
Microsoft: Hackers abuse OAuth error flows to spread malware
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. […]
AI, Global Security News, Government & Policy, malware
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to their own infrastructure, to serve malware or capture login credentials. The attack, from the victim’s…
AI, Apps, Endpoint, Exploits, Global Security News, malware
OAuth phishers make ‘check where the link points’ advice ineffective
Microsoft has warned that phishers are exploiting a built-in behavior of the OAuth authentication protocol to redirect victims to malware, using links that point to legitimate identity provider domains such as Microsoft Entra ID and Google Workspace. The links look safe but ultimately lead somewhere that isn’t. “OAuth includes a legitimate feature that allows identity…
AI, Apps, Endpoint, Exploits, Global Security News, malware
OAuth phishers make ‘check where the link points’ advice ineffective
Microsoft has warned that phishers are exploiting a built-in behavior of the OAuth authentication protocol to redirect victims to malware, using links that point to legitimate identity provider domains such as Microsoft Entra ID and Google Workspace. The links look safe but ultimately lead somewhere that isn’t. “OAuth includes a legitimate feature that allows identity…
AI, Apps, Endpoint, Exploits, Global Security News, Government & Policy, malware, Risk Management
Phishing campaign exploits OAuth redirection to bypass defenses
Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware. Microsoft has warned of phishing campaigns targeting government and public-sector organizations by abusing OAuth URL redirection. Instead of stealing credentials or exploiting software flaws, attackers leverage OAuth’s legitimate by-design behavior to bypass email and browser defenses. The tactic redirects…
AI, Global Security News, Government & Policy
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described
AI, Global Security News, Risk Management
Entra ID OAuth Consent Can Grant ChatGPT Access to Emails
OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access.
AI, Apps, Global Security News, Risk Management
New phishing campaign tricks employees into bypassing Microsoft 365 MFA
Another device code phishing campaign that abuses OAuth device registration to bypass multifactor authentication login protections has been discovered. Researchers at KnowBe4 say the campaign is largely targeting North American businesses and professionals by tricking unwitting employees into clicking a link in an email from a threat actor. The message purports to be about a…
AI, Apps, Global Security News, Risk Management
New phishing campaign tricks employees into bypassing Microsoft 365 MFA
Another device code phishing campaign that abuses OAuth device registration to bypass multifactor authentication login protections has been discovered. Researchers at KnowBe4 say the campaign is largely targeting North American businesses and professionals by tricking unwitting employees into clicking a link in an email from a threat actor. The message purports to be about a…