Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Threat Post

Twitter OAuth API Keys Leaked

The OAuth keys and secrets that official Twitter applications use to access users’ Twitter accounts have been leaked in a post to Github this morning. The OAuth keys and secrets that official Twitter ...

Yahoo Fantasy Sports API - Yahoo Sports Developer Portal

The Yahoo Fantasy Sports API gives developers access to real-time fantasy data across Football, Baseball, Basketball, and Hockey - including leagues, teams, players, and matchups. Built on a RESTful, ...
The Hacker News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.
SecurityWeek

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

Claude Code vulnerability allows attackers to intercept OAuth tokens, enabling access to connected SaaS platforms and ...
Morningstar

HTTP Got TLS. APIs Got OAuth. MCP Got Nothing. Permit.io Launches the Gateway to Fix That.

HTTP Got TLS. APIs Got OAuth. MCP Got Nothing. Permit.io Launches the Gateway to Fix That. AI agents are calling enterprise tools in production today with no fine-grained authorization, no delegation ...
secureidnews.com

OAuth 2.0: Enabling identity for the cloud, mobile

Digital identity is becoming increasingly important as enterprises strive to protect and control access to online resources. A series of maturing standards is helping make identity management and ...