Learning from the Vercel breach: Shadow AI & OAuth sprawl

A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach ...
The Hacker News

Toxic Combinations: When Cross-App Permissions Stack into Risk

Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single ...
Security Boulevard

Vercel Breach: How a Roblox Cheat Download Led to a $2M Data Heist Through AI Tool OAuth Abuse

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...
Dark Reading

Vercel Employee's AI Tool Access Led to Data Breach

Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a ...
Cybernews

Vercel hacked after fatal OAuth misstep: granting “Allow All” permissions

Vercel has been hacked and had some customer credentials compromised after an employee's single OAuth token, which had been ...
Security Boulevard

AI Prompt Injection Attacks: Examples & Prevention | Grip

AI prompt injection attacks exploit the permissions your AI tools hold. Learn what they are, how they work, and how to ...
Cloud Security Alliance

When AI Agents Serve Shared Workspaces, Authorization Must Follow the Audience

Explores how AI agents retrieve data with user permissions yet expose outputs to mixed audiences, urging audience-aware authorization.
Bleeping Computer

Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. The attacks target government and public-sector ...
Edutopia

Making Use of a Worked Example to Improve Learning

It’s a familiar moment in math class—students are asked to solve a problem, and some jump in confidently while others freeze, unsure where to begin. When students don’t yet have a clear mental model ...
Ars Technica

Why has Microsoft been routing example.com traffic to a company in Japan?

From the Department of Bizarre Anomalies: Microsoft has suppressed an unexplained anomaly on its network that was routing traffic destined to example.com—a domain reserved for testing purposes—to a ...
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...