Bleeping Computer21d
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers ...
Bleeping Computer21d
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The campaigns were ...
GitHub26d
React native bridge for AppAuth - an SDK for communicating with OAuth2 providers
This versions supports [email protected]+. The last pre-0.63 compatible version is v5.1.3. These providers implement the OAuth2 spec, but are not OpenID providers, which means you must configure the ...
Firstpost27d
Chinese espionage group Silk Typhoon has new tactics to target US networks
targeting Microsoft’s Entra ID (formerly Azure AD) and privileged access management systems. The group has been observed stealing credentials from Active Directory, manipulating service principals and ...