ConsentFix v3 attacks target Azure with automated OAuth abuse

A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding ...
CSO Online

AI agents can bypass guardrails and put credentials at risk, Okta study finds

An AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

n8n: Updates fix critical security vulnerabilities in automation platform

The update was announced to all admins via email; they should apply it promptly. Code injection is a risk. As announced on ...
Security Boulevard

SAML vs OIDC vs OAuth 2.0: 12 Differences Every B2B Engineering Team Should Know

Choosing between SAML, OIDC, and OAuth 2.0? Explore 12 critical differences to help your B2B engineering team select the right authentication protocol today.
Microsoft

Inside an AI‑enabled device code phishing campaign

Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the device code authentication flow to compromise organizational accounts at scale. While traditional device ...
Business Insider

A 4 a.m. scramble turned Anthropic's leak into a 'workflow revelation'

Coders have had a field day weeding through the treasures in the Claude Code leak. "It has turned into a massive sharing party," said Sigrid Jin, who created the Python edition, Claw Code. Here's how ...
InfoWorld

What I learned using Claude Sonnet to migrate Python to Rust

If there’s one universal experience with AI-powered code development tools, it’s how they feel like magic until they don’t. One moment, you’re watching an AI agent slurp up your codebase and deliver a ...