Browsing Tag
OAuth
10 posts
LastPass Confirms Customer Data Breach After Klue OAuth Token Theft
LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen…
How to Get a Reddit API Key in 2026: Step-by-Step Guide
Getting a Reddit API key starts with creating an application through Reddit’s developer portal and understanding how its…
Entra ID OAuth Consent Can Grant ChatGPT Access to Emails
OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access.
Palo Alto Networks, Zscaler and PagerDuty Hit in Salesforce Linked Data Breaches
Hackers exploited the Salesloft Drift app to steal OAuth tokens and access Salesforce data, exposing customer details at…
Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach
A new advisory from Google and Mandiant reveals a widespread data breach in Salesforce. Learn how UNC6395 bypassed…
XSS and OAuth Combo Threatens Millions of Users Due to Hotjar Flaw
Cybersecurity Experts Uncover Critical Vulnerabilities in Leading Web Analytics Platform Hotjar, Potentially Exposing Sensitive Data of Millions of…
Malware Leveraging Google Cookie Exploit via OAuth2 Functionality
Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced…
Microsoft: Storm-1283 Sent 927,000 Phishing Emails with Malicious OAuth Apps
Cloud Security Shakeup: Experts Urge Caution as OAuth Becomes Hacker Playground.
Social Login Flaws in Popular Websites Risked Billions of User Accounts
The critical API security flaws in the social sign-in and OAuth (Open Authentication) implementations affected high-profile companies like…
New Spam Attack Abusing OAuth Apps to Target Microsoft Exchange Servers
According to Microsoft 365 Defender Research Team, in an incident they analyzed, malicious OAuth applications were deployed on compromised cloud tenants, and eventually, attackers took over Exchange servers to carry out spam campaigns.