Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
15 articles

#OAuth

All CosmicBytez Labs articles tagged #OAuth, across news, security advisories, how-to guides, and projects.

  • SecurityJun 25, 2026

    CVE-2026-45689: Rocket.Chat OAuth Token Hijack via MongoDB Operator Injection (CVSS 9.1)

    Critical pre-authentication vulnerability in Rocket.Chat allows any unauthenticated network attacker to obtain a valid OAuth access token for an arbitrary...

  • NewsJun 23, 2026

    Scope of Salesforce Attacks Expands as Icarus Leaks Stolen Data

    More victims have surfaced after attackers breached application vendor Klue and abused its OAuth tokens to access customers' Salesforce environments. The...

  • NewsletterJun 23, 2026

    June 23 Digest: FortiBleed, Klue/Salesforce Supply Chain, Squidbleed, GitHub Actions Fix

    A Russian IAB harvests 110M credentials from FortiGate firewalls; the Icarus group drains hundreds of Salesforce orgs via Klue OAuth tokens; a 29-year-old...

  • NewsJun 19, 2026

    Forget Data Leakage: Shadow AI's Real Threat Is Access Control

    The original shadow AI concern — employees pasting sensitive data into public tools — has been overtaken by a more dangerous problem: unsanctioned AI apps...

  • NewsJun 19, 2026

    Klue OAuth Breach Victim List Grows as Icarus Hackers Claim Attack

    Market intelligence platform Klue has confirmed attackers stole OAuth tokens connected to customers' Salesforce environments, as the Icarus extortion...

  • NewsJun 19, 2026

    Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

    Salesforce has disabled the Klue Battlecards app integration following a security incident in which attackers abused OAuth tokens to access customer CRM...

  • NewsJun 18, 2026

    Klue OAuth Breach Linked to 'Icarus' Salesforce Data Theft Attacks

    Market intelligence platform Klue suffered an OAuth breach that enabled the 'Icarus' threat actors to steal Salesforce CRM data from multiple...

  • NewsJun 18, 2026

    Salesforce Data Thefts Continue via Klue App Compromise

    Klue's Battlecards competitive intelligence application has become the third integrated app compromised in the ongoing Icarus campaign targeting...

  • SecurityMay 16, 2026

    WordPress Form Notify Plugin Auth Bypass via LINE OAuth

    The Form Notify plugin for WordPress is vulnerable to authentication bypass in versions up to and including 1.1.10. Attackers can manipulate...

  • NewsMay 2, 2026

    ConsentFix v3 Automates Azure OAuth Abuse With Mass

    A new iteration of the ConsentFix attack toolkit has surfaced on cybercriminal forums, adding automation and scaling capabilities to OAuth consent...

  • NewsApr 29, 2026

    Learning from the Vercel Breach: Shadow AI and OAuth Sprawl

    The Vercel breach, traced to a compromised third-party AI tool with OAuth access, illustrates how Shadow AI adoption and unchecked OAuth integrations are...

  • NewsApr 20, 2026

    Vercel Employee's AI Tool Access Led to Data Breach

    Stolen OAuth tokens from a compromised employee AI tool enabled attackers to pivot into Vercel's internal systems. Security researchers warn that...

  • NewsApr 4, 2026

    Device Code Phishing Attacks Surge 37x as New Kits Spread

    Device code phishing attacks abusing the OAuth 2.0 Device Authorization Grant flow have exploded 37-fold in 2026 as ready-made phishing kits proliferate...

  • NewsMar 18, 2026

    Shadow AI in SaaS: How Hidden AI Agents Are Enabling

    A new Grip Security report analyzing 23,000 SaaS environments finds 100% of companies operate shadow AI they cannot see or control — with a 490% spike in...

  • SecurityMar 11, 2026

    Critical Auth Bypass in Tutor LMS Pro Exposes 30,000+

    The Tutor LMS Pro WordPress plugin's Social Login addon fails to verify OAuth token email matches the login request, allowing unauthenticated attackers to...