Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...
Cybernews

Vercel hacked after fatal OAuth misstep: granting “Allow All” permissions

Vercel has been hacked and had some customer credentials compromised after an employee's single OAuth token, which had been ...

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...