Cybernews

Vercel hacked after fatal OAuth misstep: granting “Allow All” permissions

Vercel has been hacked and had some customer credentials compromised after an employee's single OAuth token, which had been ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Security Boulevard

Vercel Breach: How a Roblox Cheat Download Led to a $2M Data Heist Through AI Tool OAuth Abuse

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...
Security Boulevard

SAML vs OIDC vs OAuth 2.0: 12 Differences Every B2B Engineering Team Should Know

Choosing between SAML, OIDC, and OAuth 2.0? Explore 12 critical differences to help your B2B engineering team select the right authentication protocol today.
Bleeping Computer

Microsoft: OAuth apps used to automate BEC and cryptomining attacks

Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth (short for Open ...
Bleeping Computer

OAuth risks: How to identify, investigate, and mitigate them

We’re now all too familiar with the ubiquitous “Sign in with Google” button we encounter all over the internet. For most of us, it has become the go-to “easy button” for managing the sprawling set of ...
CSOonline

Twitter OAuth feature can be abused to hijack accounts, researcher says

The callback feature in Twitter's OAuth implementation can be abused, a researcher said at Hack in the Box A feature in the Twitter API (application programming interface) can be abused by ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
TechSpot

Google OAuth secrets exposed as account-hijacking MultiLogin vulnerability discovered

Facepalm: OAuth is an open standard designed to share account information with third-party services, providing users with a simple way to access apps and websites. Google, one of the companies ...