All CosmicBytez Labs articles tagged #OAuth, across news, security advisories, how-to guides, and projects.
Critical pre-authentication vulnerability in Rocket.Chat allows any unauthenticated network attacker to obtain a valid OAuth access token for an arbitrary...
More victims have surfaced after attackers breached application vendor Klue and abused its OAuth tokens to access customers' Salesforce environments. The...
A Russian IAB harvests 110M credentials from FortiGate firewalls; the Icarus group drains hundreds of Salesforce orgs via Klue OAuth tokens; a 29-year-old...
The original shadow AI concern — employees pasting sensitive data into public tools — has been overtaken by a more dangerous problem: unsanctioned AI apps...
Market intelligence platform Klue has confirmed attackers stole OAuth tokens connected to customers' Salesforce environments, as the Icarus extortion...
Salesforce has disabled the Klue Battlecards app integration following a security incident in which attackers abused OAuth tokens to access customer CRM...
Market intelligence platform Klue suffered an OAuth breach that enabled the 'Icarus' threat actors to steal Salesforce CRM data from multiple...
Klue's Battlecards competitive intelligence application has become the third integrated app compromised in the ongoing Icarus campaign targeting...
The Form Notify plugin for WordPress is vulnerable to authentication bypass in versions up to and including 1.1.10. Attackers can manipulate...
A new iteration of the ConsentFix attack toolkit has surfaced on cybercriminal forums, adding automation and scaling capabilities to OAuth consent...
The Vercel breach, traced to a compromised third-party AI tool with OAuth access, illustrates how Shadow AI adoption and unchecked OAuth integrations are...
Stolen OAuth tokens from a compromised employee AI tool enabled attackers to pivot into Vercel's internal systems. Security researchers warn that...
Device code phishing attacks abusing the OAuth 2.0 Device Authorization Grant flow have exploded 37-fold in 2026 as ready-made phishing kits proliferate...
A new Grip Security report analyzing 23,000 SaaS environments finds 100% of companies operate shadow AI they cannot see or control — with a 490% spike in...
The Tutor LMS Pro WordPress plugin's Social Login addon fails to verify OAuth token email matches the login request, allowing unauthenticated attackers to...