New ARToken Phishing Kit Abuses Microsoft’s OAuth Device Code Flow to Hijack Microsoft 365 Accounts
Cisco Talos has uncovered ARToken, a phishing panel that abuses Microsoft's device code sign-in flow to steal Microsoft 365 session tokens without a password or MFA prompt. The...
Klue Supply Chain Hack Exposes Salesforce Data at Nine Cybersecurity Companies
A supply chain attack on market intelligence platform Klue has compromised Salesforce CRM data across at least nine organizations, including HackerOne, Huntress, and Recorded Future. The Icarus extortion...
Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens — No Patch Coming
Researchers at Mitiga Labs demonstrated a five-step npm supply chain attack that rewrites ~/.claude.json to redirect Claude Code MCP traffic through attacker-controlled infrastructure, silently capturing OAuth tokens for...
1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories
A critical VSCode webview vulnerability lets attackers steal GitHub OAuth tokens with a single click, granting full access to all private repositories. Researcher Ammar Askar published a complete...
Vercel Data Breach: ShinyHunters Exploit OAuth Supply Chain Attack to Steal Customer Credentials for $2M Sale
Vercel has confirmed a security breach originating through a compromised third-party AI tool (Context.ai), where attackers used stolen OAuth tokens to access internal systems and enumerate customer environment...
Vercel Confirms OAuth Supply Chain Breach Linked to Context.ai Compromise; ShinyHunters Claims Responsibility
Vercel has disclosed an internal breach caused by a compromised Context.ai OAuth token harvested via Lumma Stealer. A limited set of customer accounts had non-sensitive environment variables exposed,...