Secure Bulletin Navigating the cyber sea with knowledge
Home > Tag > OAuth
#OAuth

New ARToken Phishing Kit Abuses Microsoft’s OAuth Device Code Flow to Hijack Microsoft 365 Accounts

4 July 2026  |  dark6  |  Phishing

Cisco Talos has uncovered ARToken, a phishing panel that abuses Microsoft's device code sign-in flow to steal Microsoft 365 session tokens without a password or MFA prompt. The...

>> read more

Klue Supply Chain Hack Exposes Salesforce Data at Nine Cybersecurity Companies

23 June 2026  |  dark6  |  Databreach

A supply chain attack on market intelligence platform Klue has compromised Salesforce CRM data across at least nine organizations, including HackerOne, Huntress, and Recorded Future. The Icarus extortion...

>> read more

Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens — No Patch Coming

8 June 2026  |  dark6  |  Cybercrime

Researchers at Mitiga Labs demonstrated a five-step npm supply chain attack that rewrites ~/.claude.json to redirect Claude Code MCP traffic through attacker-controlled infrastructure, silently capturing OAuth tokens for...

>> read more

1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories

3 June 2026  |  dark6  |  Vulnerability

A critical VSCode webview vulnerability lets attackers steal GitHub OAuth tokens with a single click, granting full access to all private repositories. Researcher Ammar Askar published a complete...

>> read more

Vercel Data Breach: ShinyHunters Exploit OAuth Supply Chain Attack to Steal Customer Credentials for $2M Sale

7 May 2026  |  dark6  |  Databreach

Vercel has confirmed a security breach originating through a compromised third-party AI tool (Context.ai), where attackers used stolen OAuth tokens to access internal systems and enumerate customer environment...

>> read more

Vercel Confirms OAuth Supply Chain Breach Linked to Context.ai Compromise; ShinyHunters Claims Responsibility

23 April 2026  |  dark6  |  Databreach

Vercel has disclosed an internal breach caused by a compromised Context.ai OAuth token harvested via Lumma Stealer. A limited set of customer accounts had non-sensitive environment variables exposed,...

>> read more