-
OAuth Device Code Phishing: Azure vs. Google Compared
Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs' Live Hack to learn about attack techniques, defensive tactics, and get an Identity Security Assessment.
- November 03, 2025
- 10:11 AM
0
-
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks.
- August 26, 2025
- 03:12 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
'Stargazers' use fake Minecraft mods to steal player passwords
A large-scale malware campaign specifically targets Minecraft players with malicious mods and cheats that infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets.
- June 18, 2025
- 11:09 AM
- 0
-
Education giant Pearson hit by cyberattack exposing customer data
Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned.
- May 08, 2025
- 04:14 PM
- 2
-
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams.
- April 22, 2025
- 11:02 AM
- 0
-
Internet Archive breached again through stolen access tokens
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.
- October 20, 2024
- 10:46 AM
- 8
-
Microsoft overhauls security for publishing Edge extensions
Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions.
- September 30, 2024
- 05:49 PM
- 1
-
New York Times source code stolen using exposed GitHub token
Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer.
- June 08, 2024
- 01:10 PM
- 1
-
AI platform Hugging Face says hackers stole auth tokens from Spaces
AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members.
- June 02, 2024
- 04:56 PM
- 0
-
Over 12 million auth secrets and keys leaked on GitHub in 2023
GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days.
- March 12, 2024
- 11:23 AM
- 4
-
GitHub enables push protection by default to stop secrets leak
GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code.
- February 29, 2024
- 01:57 PM
- 0
-
Google: Malware abusing API is standard token theft, not an API issue
Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.
- January 06, 2024
- 11:40 AM
- 1
-
Malware dev says they can revive expired Google auth cookies
The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts.
- November 21, 2023
- 02:29 PM
- 0
-
Bitwarden releases free and open-source E2EE Secrets Manager
Bitwarden, the maker of the popular open-source password manager tool, has released 'Secrets Manager,' an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry.
- August 23, 2023
- 03:04 PM
- 0
-
Thousands of images on Docker Hub leak auth secrets, private keys
Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.
- July 16, 2023
- 10:09 AM
- 0
-
New AlienFox toolkit steals credentials for 18 cloud services
A new modular toolkit called 'AlienFox' allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services.
- March 30, 2023
- 06:00 AM
- 0
-
GitHub’s secret scanning alerts now available for all public repos
GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be enabled to detect leaked secrets across an entire publishing history.
- March 01, 2023
- 12:33 PM
- 0
