Security Boulevard

ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts

What happened A third iteration of the ConsentFix attack technique has been circulating on hacker forums, introducing automation and scalability to a method that abuses Microsoft Azure’s OAuth2 ...

ConsentFix v3 attacks target Azure with automated OAuth abuse

A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding ...

Learning from the Vercel breach: Shadow AI & OAuth sprawl

A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Threat Post

PayPal Fixes OAuth Token Leaking Vulnerability

PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. PayPal fixed an issue that could have allowed an attacker to hijack OAuth ...