The Hacker News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.

Learning from the Vercel breach: Shadow AI & OAuth sprawl

A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach ...