Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and potentially fully take over the target’s...
Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth...
Salesforce-owned Heroku is performing a forced password reset on a subset of user accounts in response to last month’s security incident while providing no information as...
GitHub has shared a timeline of this month’s security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations....
GitHub says it notified all organizations believed to have had data stolen from their private repositories by attackers abusing compromised OAuth user tokens issued to Heroku and Travis-CI....
GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was...
Recent Comments