Skip to content
The Nexus
DossierENTITY

OAuth

Coverage of OAuth in the Nexus archive.

Earliest in view: Apr 20 · 05:46 UTCMost recent: Jul 2 · 13:04 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 2 · 13:04 UTCTHE HACKER NEWS
    ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

    ToddyCat, a threat actor, has been linked to Umbrij malware that exploits OAuth to access Gmail via Google API, targeting corporate email compromises. Kaspersky reported that attackers focused on breaching Gmail communications through API access.

  • TECHNOLOGYJun 25 · 02:18 UTCHACKER NEWS
    Cloudflare launched self-managed OAuth for all

    Cloudflare has launched self-managed OAuth for all users, expanding access to its authentication service. The feature allows developers to manage OAuth workflows independently.

  • SECURITYJun 19 · 22:31 UTCBLEEPING COMPUTER
    Klue OAuth breach victim list grows as Icarus hackers claim attack

    Market intelligence platform Klue confirmed a security incident where threat actors stole OAuth tokens used to access customers' Salesforce environments. The Icarus extortion group has publicly claimed responsibility for the attack.

  • SECURITYMay 28 · 10:07 UTCNBC5 CHICAGO
    FBI warns of major phishing scam, with hackers ‘hijacking' Microsoft Outlook, 365 users

    The FBI warns of a phishing scam targeting Microsoft Outlook and 365 users, using a pre-packaged phishing kit called Kali 365 distributed via Telegram. Hackers exploit OAuth tokens to bypass multi-factor authentication, gaining unauthorized access to accounts and services like Outlook, Teams, and OneDrive.

  • SECURITYMay 22 · 20:01 UTCRECORDED FUTURE NEWS
    FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks

    The FBI has issued a warning about Kali365, a phishing-as-a-service platform operating on Telegram that enables cybercriminals to steal OAuth tokens and gain unauthorized access to Microsoft 365 environments. The advisory follows attacks in April targeting Microsoft 365 users. This threat represents a significant security risk for organizations relying on cloud-based Microsoft services.

  • SECURITYMay 5 · 11:58 UTCTHE HACKER NEWS
    The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

    Attackers can exploit persistent OAuth tokens from AI tools and productivity apps connected to Google or Microsoft, bypassing perimeter controls and MFA. These tokens have no expiration date and are often left unmonitored. This vulnerability poses a significant security risk to organizations.

  • SECURITYApr 29 · 13:05 UTCBLEEPING COMPUTER
    Learning from the Vercel breach: Shadow AI & OAuth sprawl

    The Vercel breach highlights risks from third-party OAuth integrations, showing how a compromised app can expose customer environments. Push warns that OAuth sprawl and Shadow AI practices amplify security vulnerabilities.

  • SECURITYApr 20 · 05:46 UTCR/SOLANA
    Vercel Security Incident: Immediate Advisory for Solana DeFi Projects

    Vercel reported unauthorized access to internal systems via a compromised third-party AI tool's Google Workspace OAuth app. While services remain operational and no sensitive data was confirmed accessed, Solana DeFi teams are urged to rotate secrets and audit OAuth integrations for security.

OAuth · Dossier · The Nexus