Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
Microsoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwide
Attackers are abusing Microsoft 365 mailbox rules to hide activity, exfiltrate data and retain access after account compromise, researchers warn
Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation
Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email
Security researchers from ExtensionTotal have found nine malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor
Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers
Researchers have uncovered a surge in phishing attacks using Visio .vsdx files to evade security scans
Cisco Talos researchers found a flaw in eight Microsoft apps for macOS that could enable library injection attacks, putting sensitive data at risk
CVE-2024-38173 is a medium severity RCE flaw in Microsoft Outlook, similar to CVE-2024-30103
Blackwing researchers bypass the authentication system
Uptycs researchers said the technique exploits Microsoft files to execute malicious commands
An overly permissive Shared Access Signature (SAS) token was to blame
Researchers detail the DLL side-loading technique used to deploy malware that facilitates credential theft and lateral movement
The findings come from security researchers at Cisco Talos
Researchers claim thousands of global customers were impacted