The Hacker News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.
Bleeping Computer

GitHub: How stolen OAuth tokens helped breach dozens of orgs

GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. The attacker used stolen OAuth ...
Threat Post

Twitter OAuth API Keys Leaked

The OAuth keys and secrets that official Twitter applications use to access users’ Twitter accounts have been leaked in a post to Github this morning. The OAuth keys and secrets that official Twitter ...
Security Boulevard

AI Agent Identity Management: A 2026 CISO Playbook

A 2026 CISO Playbook In January 2024, a Russian state actor walked into Microsoft’s corporate email. The front door wasn’t a ...

Learning from the Vercel breach: Shadow AI & OAuth sprawl

A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lead to widespread impact across downstream ...
SD Times

The importance of OAuth 2.0

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...