CSO Online

Klue breach exposed Salesforce CRM data through stolen OAuth tokens

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...
The Hacker News

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The ...
Ars Technica

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for its ASP.NET Core to fix a high-severity vulnerability that allows unauthenticated attackers to gain SYSTEM privileges on devices that use the Web development ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and ...
GitHub

rskworld/csharp-web-api

A complete RESTful web API built with C# and .NET Core 8.0, featuring JSON API endpoints, Entity Framework, JWT authentication, database integration, and ...
Bleeping Computer

ConsentFix debrief: Insights from the new OAuth phishing attack

In December, the Push Security research team discovered and blocked a brand new attack technique that we coined ConsentFix. This technique merged ClickFix-style social engineering with OAuth consent ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
InfoQ

ASP.NET Core in .NET 10: Major Updates across Blazor, APIs, and OpenAPI

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Spencer Judge discusses the architectural ...
aha.org

QNAP Advises Users Patch Critical ASP .NET Core Flaw Affecting NetBak PC Agent CVE-2025-55315

On October 24, 2025, QNAP issued a security advisory regarding a critical vulnerability, CVE-2025-55315, in the Microsoft ASP .NET Core component installed by and utilized within its NetBak PC Agent ...
Bleeping Computer

Microsoft fixes highest-severity ASP.NET Core flaw ever

Earlier this week, Microsoft patched a vulnerability that was flagged with the "highest ever" severity rating received by an ASP.NET Core security flaw. This HTTP request smuggling bug (CVE-2025-55315 ...
The Daily Pennsylvanian

Penn philosophy professor to lead implementation of antisemitism task force recommendations

Philosophy professor and Perry World House Director Michael Weisberg was appointed to lead the implementation of recommendations from Penn's 2024 Task Force on Antisemitism and the Commission on ...