OAuth
Breaking
Technology
VS Code Zero-Day Exposes GitHub Tokens as Supply-Chain Attacks Breach 3,800 Internal Repositories
Unpatched OAuth vulnerability allows single-click credential theft while poisoned extension compromises GitHub's own infrastructure in 18 minutes.
Technology
EvilTokens Phishing Service Bypasses MFA at 340+ Microsoft 365 Organizations
A $500/month subscription service has weaponized OAuth device code flows, rendering enterprise multi-factor authentication ineffective against credential theft.