Dossier
OAuth abuse
Coverage of OAuth abuse in the Nexus archive.
- ConsentFix v3 attacks target Azure with automated OAuth abuse
ConsentFix v3 is a new automated attack method targeting Microsoft Azure through OAuth abuse, leveraging hacker forums for distribution and enhancing previous techniques with automation and scaling capabilities.
- AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account
Vercel's CEO suspects AI-assisted intruders exploited OAuth abuse and a stolen employee account to breach the company, with stolen data being sold for $2 million. The attackers demonstrated a 'surprising velocity' and deep infrastructure knowledge.