Skip to content
The Nexus
DossierENTITY

OAuth Tokens

Coverage of OAuth Tokens in the Nexus archive.

Earliest in view: Apr 20 · 21:01 UTCMost recent: Jun 28 · 13:53 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 28 · 13:53 UTCFOX NEWS
    FBI warns Microsoft users about passwordless scam

    The FBI warns about a phishing-as-a-service platform called Kali365 targeting Microsoft 365 accounts. The scam bypasses multifactor authentication by exploiting Microsoft's device code login process to steal OAuth tokens, granting attackers access to Outlook, Teams, and OneDrive without requiring passwords.

  • SECURITYJun 3 · 14:30 UTCTHE REGISTER
    Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

    Ammar Askar, a bug hunter, leaked a vulnerability in Microsoft's Visual Studio Code after becoming disillusioned with the company's handling of security reports. The exploit allows attackers to steal OAuth tokens via malicious extensions, compromising GitHub repos, and was disclosed publicly due to past negative experiences with Microsoft Security Response Center (MSRC).

  • SECURITYJun 3 · 12:58 UTCTHE HACKER NEWS
    One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

    Cybersecurity researchers disclosed a one-click attack via Microsoft Visual Studio Code that can steal GitHub OAuth tokens, allowing attackers to read and write to user repositories, including private ones. The attack exploits GitHub's GitHub.dev feature, enabling token theft through a malicious link click.

  • SECURITYApr 20 · 21:01 UTCDARK READING
    Vercel Employee's AI Tool Access Led to Data Breach

    A Vercel employee's access to an AI tool led to a data breach involving stolen OAuth tokens. The breach highlights the growing risk of OAuth tokens as a new attack vector and method for lateral movement in cyberattacks.

OAuth Tokens · Dossier · The Nexus