Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...
VentureBeat

Hackers use stolen OAuth access tokens to breach dozens of organization’s internal systems

Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy. Learn more Last week, GitHub Security researchers ...
Dark Reading

Hundreds of Web Apps Have Full Access to Microsoft OneDrive Files

Millions of OneDrive users who upload and interact with files through third-party Web apps may unknowingly be granting those apps full access to their entire OneDrive storage. The root of the problem, ...
Dark Reading

Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials

Salesforce subsidiary Heroku on Thursday said that the threat actor that stole Heroku GitHub integration OAuth tokens in April also accessed an internal database containing hashed and salted passwords ...
来自MSN

Stolen OAuth tokens expose Palo Alto customer data

Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lifted from the Salesloft Drift break-in to gain entry to ...
CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...
来自MSN

Experts warn Microsoft Copilot Studio agents are being hijacked to steal OAuth tokens

CoPhish uses Copilot Studio agents to phish OAuth tokens via fake login flows Attackers exploit Microsoft domains to appear legitimate and access sensitive user data Mitigations include restricting ...