OAuth

Breaking Technology

VS Code Zero-Day Exposes GitHub Tokens as Supply-Chain Attacks Breach 3,800 Internal Repositories

Unpatched OAuth vulnerability allows single-click credential theft while poisoned extension compromises GitHub's own infrastructure in 18 minutes.

8 min read ·
Technology

EvilTokens Phishing Service Bypasses MFA at 340+ Microsoft 365 Organizations

A $500/month subscription service has weaponized OAuth device code flows, rendering enterprise multi-factor authentication ineffective against credential theft.

7 min read ·