News

CSO Online7d
Cybercrooks faked Microsoft OAuth apps for MFA phishing
Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to ...
CSOonline3y
GitHub repositories compromised by stolen OAuth tokens
GitHub said Friday that five specific OAuth applications were affected — four versions of Heroku Dashboard, and Travis CI (IDs 145909, 628778, 313468, 363831 and 9261).
itc.ua1y
Hackers are attacking GitHub users again — this is OAuth phishing
How states Bleeping Computer, dozens of similar cases have been reported since February. Developers received fake job offers or security alerts. In the latter case, the emails came from “ [email ...
IT News For Australia Business3y
Stolen Heroku and Travis-CI OAuth tokens used for GitHub repo hacks
An attacker who used stolen OAuth open standard authentication tokens from Heroku and Travis-CI was able to download private repositories and source code ahead of the Easter holidays.
ZDNet3y
Heroku fesses up to customer password theft due to OAuth token attack
Hashed and salted passwords of customers were exfiltrated thanks to a stolen GitHub integration OAuth token. Written by Chris Duckett, Contributor May 5, 2022, 7:06 p.m. PT ...