CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.
The Hacker News

ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More

ThreatsDay: OAuth abuse, Signal hijacks, Zombie ZIP evasion, Teams malware, AI hack, RondoDox botnet, and more cyber stories.
Security Boulevard

External Authentication: Exploring WS-Trust for Authentication

Let’s be honest. Nobody wakes up in the morning excited to debug XML. In the rush to slap OAuth2 and OIDC onto everything, the industry has developed a collective amnesia about the silent engine still ...
GitHub

Bug: Gemini CLI OAuth fails on headless/VPS with "client_secret is missing"

You are running in a remote/VPS environment. A URL will be shown for you to open in your LOCAL browser. After signing in, copy the redirect URL and paste it back here ...
GitHub

enovation/moodle-local_oauth2

It provides an OAuth2 server so that a user can use its Moodle account to log in to external applications. Oauth2 Library has been taken from https://github.com ...
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...