The Hacker News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...

The biggest cybersecurity and cyberattack stories of 2025

Some stories, though, were more impactful or popular with our readers than others. This article explores 15 of the biggest ...
GitHub

GCP Oauth2 Access Token Provider

Fortunately Apache NiFi already ships with a couple of processors which provide connections to Google APIs. But since there are dozens of Google APIs and they are also subject to changes from time to ...
Bleeping Computer

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device code on ...
TechRadar

State actors are abusing OAuth device codes to get full M365 account access - here's what we know

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
GitHub

cookie-s/oauth2_proxy

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0. Note: The user is checked ...