Identity and Access Management

Cybersecurity
Jalisco and OmegaLord PhaaS Kits Beat M365 MFA Using OAuth Tricks
ReliaQuest disclosed Jalisco, which regenerates OAuth tokens in real time to beat Microsoft's 15-minute window, and OmegaLord, which harvests MFA phone numbers.
Cybersecurity
Open Server Exposes Three Concurrent Evilginx M365 Operations
French security firm Lexfo discovered three Evilginx M365 phishing campaigns after attackers left a Python HTTP server with directory listing exposed.
Cybersecurity
Helix Group Uses Vishing and Device Code Flow to Steal SharePoint Data
New threat group Helix chains vishing with Microsoft's OAuth Device Code Flow to harvest M365 tokens and exfiltrate SharePoint data for corporate extortion.
Application Security
WriteOut Flaw Let Attackers Hijack Any Writer AI Enterprise Account
Sand Security found a one-click session isolation flaw in Writer AI letting attackers access any enterprise tenant's private models, credentials, and documents.
Cybersecurity
Fake Job Interview Phishing Hits Marketing Pros Across 30 Brand Lures
Attackers posing as 30-plus major brand recruiters use fake job interviews to steal Google credentials from marketing professionals who manage ad platforms.
Cybersecurity
ToddyCat APT’s Umbrij Tool Reads Corporate Gmail via OAuth Silently
Kaspersky attributed Umbrij to ToddyCat APT, a .NET tool that silently reads corporate Gmail via OAuth without triggering login alerts or standard security notifications.
Cybersecurity
SBU and FBI Expose Russian FSB and GRU Signal Key Theft Campaign
Ukraine's SBU and the FBI jointly exposed campaigns by Russian FSB-linked UNC5792 and GRU-linked UNC4221 stealing Signal and WhatsApp backup recovery keys.
Application Security
Klue OAuth Breach Hits Huntress, Recorded Future via Salesforce
Threat actor Icarus exploited Klue's Salesforce OAuth integration to breach CRM data at cybersecurity firms including Huntress and Recorded Future in a June 2026 supply ...
Application Security
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
Cybersecurity
France’s Tchap Messaging App Breached, 643K Messages Exposed
ANSSI detected attackers who used a hijacked account and hardcoded LDAP credentials to breach Tchap, exposing 643,000 messages across 73,000 accounts.