GitHub

OAuth2 Proxy K8s Operator

OAuth2 Proxy is a reverse proxy and static file server that authenticates users through providers like Google and GitHub, allowing validation by email, domain, or group. This operator provides the ...
GitHub

jkroepke/openvpn-auth-oauth2

openvpn-auth-oauth2 is a management client for OpenVPN that handles the single sign-on (SSO) authentication against various OIDC providers. This project aims to simplify the process of integrating ...
Wall Street Journal

New Class of Warship to Be Named After Trump

President Trump said the U.S. Navy would build a new ‘Trump-class’ battleship, with construction of the first ship to begin almost immediately. Photo: Alex Brandon/Associated Press President Trump ...
Bleeping Computer

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device code on ...
Bleeping Computer

New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock

The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. The ...
Security Boulevard

Surge of OAuth Device Code Phishing Attacks Targets M365 Accounts

A range of state-sponsored and financially motivated threat groups are abusing Microsoft’s OAuth 2.0 device authorization grant flow to trick users into giving them access into their M365 accounts.
TechRadar

State actors are abusing OAuth device codes to get full M365 account access - here's what we know

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter ...
The Hacker News

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
The Hacker News

The Case for Dynamic AI-SaaS Security as Copilots Scale

Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ...
SecurityWeek

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks

Motherboards from several major vendors are affected by a vulnerability that can allow a threat actor to conduct early-boot attacks. According to an advisory published on Wednesday by Carnegie Mellon ...