
Jalisco and OmegaLord PhaaS Kits Beat M365 MFA Using OAuth Tricks
ReliaQuest disclosed Jalisco, which regenerates OAuth tokens in real time to beat Microsoft’s 15-minute window, and OmegaLord, which harvests MFA

ReliaQuest disclosed Jalisco, which regenerates OAuth tokens in real time to beat Microsoft’s 15-minute window, and OmegaLord, which harvests MFA

French security firm Lexfo discovered three Evilginx M365 phishing campaigns after attackers left a Python HTTP server with directory listing

New threat group Helix chains vishing with Microsoft’s OAuth Device Code Flow to harvest M365 tokens and exfiltrate SharePoint data

Sand Security found a one-click session isolation flaw in Writer AI letting attackers access any enterprise tenant’s private models, credentials,

Attackers posing as 30-plus major brand recruiters use fake job interviews to steal Google credentials from marketing professionals who manage

Kaspersky attributed Umbrij to ToddyCat APT, a .NET tool that silently reads corporate Gmail via OAuth without triggering login alerts

Ukraine’s SBU and the FBI jointly exposed campaigns by Russian FSB-linked UNC5792 and GRU-linked UNC4221 stealing Signal and WhatsApp backup

Threat actor Icarus exploited Klue’s Salesforce OAuth integration to breach CRM data at cybersecurity firms including Huntress and Recorded Future

CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.

ANSSI detected attackers who used a hijacked account and hardcoded LDAP credentials to breach Tchap, exposing 643,000 messages across 73,000
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.