Infosecurity-magazine.com

Hackers Deploy Malicious OAuth Apps to Compromise Email Servers, Spread Spam

Threat actors deployed OAuth applications on compromised cloud tenants and then used them to control Exchange servers and spread spam. The news is the result of an investigation by Microsoft ...
Bleeping Computer

Gitloker attacks abuse GitHub notifications to push malicious OAuth apps

Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. The ...
Bleeping Computer

Find hidden malicious OAuth apps in Microsoft 365 using Cazadora

Tl;dr: If you manage even one Microsoft 365 tenant, it’s time to audit your OAuth apps. Statistically speaking, there’s a strong chance a malicious app is lurking in your environment. Seriously, go ...