OAuth - Security Ticks

OAuth marketplace apps keep access after publishers vanish

auditing, cyber risk, cybersecurity, Don't miss, GitHub, Google Workspace, News, OAuth, report, research, Risk Management / SecurityTicks

OAuth marketplace apps keep access after publishers vanish 2026-06-04 at 16:06 By Mirko Zorz Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. The OAuth […]

OAuth marketplace apps keep access after publishers vanish Read More »

What happens when your identity provider becomes the kill chain

Atsign, authentication, cybersecurity, Don't miss, identity protection, News, OAuth, strategy, tips, Video / SecurityTicks

What happens when your identity provider becomes the kill chain 2026-05-20 at 09:34 By Help Net Security In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in

What happens when your identity provider becomes the kill chain Read More »

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

AI, Application Security, Claude Code, OAuth, Vulnerabilities / SecurityTicks

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking 2026-05-07 at 17:33 By Kevin Townsend Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms. The post Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking appeared first on

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking Read More »

Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches

AI, Artificial Intelligence, Identity & Access, OAuth, SaaS / SecurityTicks

Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches 2026-03-18 at 16:02 By Kevin Townsend From Chaos to Control examines the chaos that often comes from shadow AI hidden in SaaS apps and urges better visibility and control over agentic AI. The post Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive

Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches Read More »

Threat actors weaponize OAuth redirection logic to deliver malware

Don't miss, Government, Hot stuff, Malware, Microsoft, News, OAuth, phishing, public sector, social engineering / SecurityTicks

Threat actors weaponize OAuth redirection logic to deliver malware 2026-03-03 at 19:46 By Zeljka Zorz An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to

Threat actors weaponize OAuth redirection logic to deliver malware Read More »

Attackers turn trusted OAuth apps into cloud backdoors

attack tools, automation, cloud security, Don't miss, enterprise, Hot stuff, Microsoft Entra ID, News, OAuth, privileged accounts, Proofpoint / SecurityTicks

Attackers turn trusted OAuth apps into cloud backdoors 2025-10-22 at 15:43 By Zeljka Zorz Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or

Attackers turn trusted OAuth apps into cloud backdoors Read More »

Attackers are turning Salesforce trust into their biggest weapon

cybersecurity, Don't miss, News, OAuth, report, Salesforce, survey, threats, WithSecure / SecurityTicks

Attackers are turning Salesforce trust into their biggest weapon 2025-09-04 at 09:02 By Sinisa Markovic Salesforce has become a major target for attackers in 2025, according to new WithSecure research into threats affecting customer relationship management (CRM) platforms. The report shows that malicious activity inside Salesforce environments rose sharply in the first quarter of this

Attackers are turning Salesforce trust into their biggest weapon Read More »

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise

Cloudflare, credentials, data breach, Don't miss, Hot stuff, News, OAuth, Proofpoint, Rubrik, SaaS, Salesforce, supply chain compromise / SecurityTicks

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise 2025-09-03 at 16:13 By Zeljka Zorz Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 Cloudflare API tokens. “We have identified no suspicious activity associated

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise Read More »

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach

Astrix Security, data breach, Don't miss, Gmail, Google, Hot stuff, Mandiant, News, OAuth, PagerDuty, Palo Alto Networks, Salesforce, SpyCloud, Tanium, WideField, Zscaler / SecurityTicks

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach 2025-09-02 at 18:20 By Zeljka Zorz In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach Read More »

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius

AppOmni, cloud security, credentials, data theft, Don't miss, Google, Hot stuff, News, OAuth, Salesforce, third party compromise / SecurityTicks

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius 2025-08-27 at 17:47 By Zeljka Zorz A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] observed UNC6395

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius Read More »

Attackers phish OAuth codes, take over Microsoft 365 accounts

account hijacking, APT, Don't miss, government-backed attacks, Hot stuff, Microsoft 365, News, OAuth, phishing, Volexity / SecurityTicks

Attackers phish OAuth codes, take over Microsoft 365 accounts 2025-04-23 at 13:36 By Zeljka Zorz Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics observed involve the attacker requesting victim’s supply Microsoft Authorization codes, which grant the attacker with

Attackers phish OAuth codes, take over Microsoft 365 accounts Read More »

Legacy Google Service Abused in Phishing Attacks

email security, Google phishing, OAuth, phishing / SecurityTicks

Legacy Google Service Abused in Phishing Attacks 2025-04-22 at 14:15 By Ionut Arghire A sophisticated phishing campaign abuses weakness in Google Sites to spoof Google no-reply addresses and bypass protections. The post Legacy Google Service Abused in Phishing Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Legacy Google Service Abused in Phishing Attacks Read More »

GitHub project maintainers targeted with fake security alert

account hijacking, Don't miss, GitHub, Hot stuff, News, OAuth, phishing / SecurityTicks

GitHub project maintainers targeted with fake security alert 2025-03-17 at 12:52 By Zeljka Zorz A phishing campaign targeting GitHub account owners has been trying to scare them with a fake security alert into allowing a malicious OAuth app access to their account and repositories. The fake security alert from GitHub GitHub users have taken to

GitHub project maintainers targeted with fake security alert Read More »

Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw

Application Security, Featured, OAuth, Vulnerabilities, XSS / SecurityTicks

Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw 2024-07-29 at 15:16 By Kevin Townsend Researchers discovered and published details of an XSS attack that could potentially impact millions of websites around the world. The post Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw appeared first on SecurityWeek. This article is an

Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw Read More »

Product showcase: How to track SaaS security best practices with Nudge Security

access management, News, Nudge Security, OAuth, Product showcase, SaaS, SSO / SecurityTicks

Product showcase: How to track SaaS security best practices with Nudge Security 2024-03-13 at 06:37 By Help Net Security As technology adoption has shifted to be employee-led, IT and security teams are contending with an ever-expanding SaaS attack surface. At the same time, they are often spread thin, meaning they need ways to quickly identify

Product showcase: How to track SaaS security best practices with Nudge Security Read More »

How threat actors abuse OAuth apps

access control, access management, Application Security, Astrix Security, attacks, cybersecurity, Don't miss, Hot stuff, OAuth, Video / SecurityTicks

How threat actors abuse OAuth apps 2024-02-08 at 06:31 By Help Net Security OAuth apps have become prominent in several attack groups’ TTPs in recent years. OAuth apps are used for every part of the attack process. In this Help Net Security video, Tal Skverer, Research Team Lead at Astrix Security, shares insights on how

How threat actors abuse OAuth apps Read More »

3 ways to combat rising OAuth SaaS attacks

access control, Adaptive Shield, attacks, authentication, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, monitoring, News, OAuth, opinion, SaaS / SecurityTicks

3 ways to combat rising OAuth SaaS attacks 2024-01-16 at 07:31 By Help Net Security OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine cryptocurrency, establish persistence following business email compromise and launch spam activity using the

3 ways to combat rising OAuth SaaS attacks Read More »

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns

account hijacking, BEC scams, cryptojacking, Don't miss, Hot stuff, Microsoft, Microsoft 365, Microsoft Azure, Microsoft Entra ID, News, OAuth, phishing, spam / SecurityTicks

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns 13/12/2023 at 16:46 By Helga Labus Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications OAuth is an open standard authentication protocol that uses tokens to grant applications access to server resources without

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns Read More »

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps

Azure, cloud security, Microsoft, noAuth, OAuth, Vulnerabilities / SecurityTicks

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps 20/06/2023 at 23:24 By Ryan Naraine Businesses using ‘Log in with Microsoft’ could be exposed to privilege escalation and full account takeover exploits. The post Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps appeared first on SecurityWeek. This article is an

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps Read More »