buc.ci is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.

This server runs the snac software and there is no automatic sign-up process.

Admin email
abucci@bucci.onl
Admin account
@abucci@buc.ci

Search results for tag #oauth

3 ★ 2 ↺
#tech boosted

Anthony » 🌐
@abucci@buc.ci

One of the things I'm finding stunning about the Vercel breach is how many people are saying "I had $VERY_LARGE_NUMBER of OAuth apps authorized to my $VERY_IMPORTANT_ACCOUNT and had to go through them all". I have like 2 OAuth apps authorized on any account that matters to me, and I review them fairly regularly and remove ones I don't use or don't remember. I also never accept "allow all" for any app. Apparently I'm weird in this way? I just feel like not doing this is akin to using "password" for all your passwords.


    AodeRelay boosted

    hasamba » 🤖 🌐
    @hasamba@infosec.exchange

    ----------------

    🧭 AI Security

    This report documents a critical command injection vulnerability in OpenAI Codex that enabled theft of GitHub User Access Tokens via the ChatGPT Codex Connector. The discovery was credited to BeyondTrust Phantom Labs and disclosed to OpenAI on December 16, 2025. OpenAI issued a hotfix on December 23, 2025, followed by additional fixes for branch shell escape (January 22, 2026) and further shell-escape hardening and reduced GitHub token access (January 30, 2026). The vulnerability was classified as Critical (Priority 1) on February 5, 2026, with permission granted for public disclosure.

    Technical narrative
    • The ChatGPT Codex Connector uses short-lived, scoped OAuth 2.0 access tokens to act on behalf of consenting users. With broad default scopes, the application can access repositories, workflows, actions, branches, and private organizational resources when authorized inside an organization.
    • In the Codex Web portal, user prompts that target repositories and branches create “cloud task” POST requests carrying environment identifiers, branch, and prompt text. On backend execution, Codex spins up containerized environments that run setup scripts, install dependencies, and may execute code derived from prompts.
    • Environments support custom setup scripts, environment variables, and secrets, and by default allow outbound internet access during setup via an HTTP/HTTPS proxy. The command injection allowed an attacker to achieve shell escape within these containers, access environment-scoped secrets, and exfiltrate GitHub tokens.

    Attack chain (reported)

    🎣 Initial Access — crafted prompts or repository inputs processed by Codex allowed injection into backend task handling.
    ⚙️ Execution — containerized environment executed injected commands during setup or runtime.
    📤 Exfiltration — obtained short-lived OAuth tokens were transmitted out via network proxy pathways.

    Observed fixes and timeline
    • 2025-12-23: Hotfix for command injection.
    • 2026-01-22: Fix for GitHub branch shell escape.
    • 2026-01-30: Additional shell escape hardening and limits on GitHub token access.

    This account focuses on the concrete findings: vulnerable task handling in Codex, container shell escape leading to token theft, the privileged default scopes of the GitHub integration, and the sequence of fixes applied by OpenAI.

    🔗 Source: beyondtrust.com/blog/entry/ope

      AodeRelay boosted

      Jim Guckin » 🌐
      @JimGuckin@infosec.exchange

      New phishing campaigns are abusing OAuth flows to gain persistent access without stealing credentials.

      Even password resets don’t kick attackers out.

      Identity security now includes managing tokens & app permissions.

      helpnetsecurity.com/2026/03/we

        AodeRelay boosted

        TechNadu » 🌐
        @technadu@infosec.exchange

        OAuth redirect abuse targeting government orgs.

        Hijacked redirect URIs → EvilProxy AiTM phishing → session token theft & MFA bypass.
        Audit OAuth apps. Restrict consent. Remove overprivileged access.

        Full report:
        technadu.com/oauth-redirect-ab

        OAuth Redirect Abuse Targets Government and Public Sector Organizations, Microsoft Warns

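The three posts above converge on the same defensive routine: review which OAuth apps hold grants, reject "allow all" scopes, watch for refresh-token grants that survive a password reset, and check that each app's redirect URIs still point where you registered them. The script below is an added example of that audit, not code from any of the posters or from the linked reports. The inventory record format, the scope names, the allowlisted hosts and the sample grants are all constructed for illustration and do not correspond to any provider's API or real tenant.

```python
"""Audit an OAuth app grant inventory the way the posts above recommend:
flag broad ("allow all") scopes, refresh-token grants that outlive a
password reset, stale grants, and redirect URIs that are not HTTPS or
point outside the organisation's registered hosts.

The inventory format, scope names and allowlist below are constructed
for this example; they are not any provider's API or real data."""
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Scopes treated as blanket access (assumed names, mixing GitHub- and
# Graph-style spellings purely for illustration).
BROAD_SCOPES = {"*", "all", "repo", "admin:org", "Directory.ReadWrite.All", "Mail.ReadWrite"}
# A refresh token is what keeps an attacker signed in after a password reset.
PERSISTENT_SCOPES = {"offline_access"}
# Hosts the organisation actually registered as redirect targets (constructed).
ALLOWED_REDIRECT_HOSTS = {"app.example.org", "login.example.org"}

GRANTS = [  # constructed inventory records
    {"app": "ci-bot", "scopes": ["repo", "workflow"],
     "redirect_uris": ["https://app.example.org/cb"], "last_used": "2026-03-01T10:00:00Z"},
    {"app": "calendar-sync", "scopes": ["Calendars.Read"],
     "redirect_uris": ["https://app.example.org/cb"], "last_used": "2025-06-01T10:00:00Z"},
    {"app": "mail-helper", "scopes": ["Mail.Read", "offline_access"],
     "redirect_uris": ["https://login.example.org/cb", "https://attacker-controlled.test/cb"],
     "last_used": "2026-03-10T10:00:00Z"},
    {"app": "notes", "scopes": ["Notes.Read"],
     "redirect_uris": ["http://app.example.org/cb"], "last_used": "2026-03-12T10:00:00Z"},
]


def parse_ts(text):
    """Parse a UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_grant(grant, now, stale_after_days=90, allowed_hosts=ALLOWED_REDIRECT_HOSTS):
    """Return a list of human-readable findings for one grant (empty if clean)."""
    findings = []
    scopes = set(grant["scopes"])
    broad = sorted(scopes & BROAD_SCOPES)
    if broad:
        findings.append("broad scopes: " + ", ".join(broad))
    if scopes & PERSISTENT_SCOPES:
        findings.append("refresh token granted: access survives a password reset")
    if now - parse_ts(grant["last_used"]) > timedelta(days=stale_after_days):
        findings.append(f"unused for more than {stale_after_days} days")
    for uri in grant["redirect_uris"]:
        parsed = urlparse(uri)
        if parsed.scheme != "https":
            findings.append(f"non-https redirect URI: {uri}")
        elif parsed.hostname not in allowed_hosts:
            findings.append(f"redirect URI host not on allowlist: {uri}")
    return findings


def audit_inventory(grants, now):
    """Map app name -> findings, keeping only apps that have at least one."""
    report = {}
    for grant in grants:
        findings = audit_grant(grant, now)
        if findings:
            report[grant["app"]] = findings
    return report


if __name__ == "__main__":
    for app, findings in audit_inventory(GRANTS, parse_ts("2026-03-15T00:00:00Z")).items():
        print(app)
        for finding in findings:
            print("  -", finding)
```

Feeding a real inventory only requires replacing `GRANTS` with records exported from the identity provider in the same shape; the allowlist and the broad-scope set are the two things worth tuning per organisation.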

          AodeRelay boosted

          TechNadu » 🌐
          @technadu@infosec.exchange

          Vishing-Based Compromise at Optimizely Highlights Identity Risk

          Attackers gained access via voice phishing, targeting SSO-linked systems and CRM records.

          No confirmed privilege escalation, but exposure of business contact data reinforces how social engineering bypasses perimeter defenses.

          Activity patterns resemble ShinyHunters campaigns abusing MFA prompts and OAuth 2.0 device authorization flows.

          Common post-access targets include Salesforce, Microsoft 365, Google Workspace, Slack, SAP, Atlassian - wherever SSO tokens provide lateral access.

          Identity is the control plane. Once tokens are compromised, downstream exposure scales quickly.

          Is your organization monitoring abnormal device code authentication and token issuance events?

          Source: bleepingcomputer.com/news/secu

          Engage below.
          Follow @technadu for actionable threat intelligence.

          Ad tech firm Optimizely confirms data breach after vishing attack

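The post above ends by asking whether organisations monitor abnormal device-code authentication and token issuance. As an added example of what such monitoring can look like (this is not code from TechNadu or from the linked article), the script below runs two simple rules over sign-in events: a device-code sign-in from a country the user has never used for an ordinary browser sign-in, and a burst of device-code sign-ins for one user within a short window. The log lines, their field names, the user and app names and the thresholds are all constructed for this example and do not follow any particular identity provider's schema.

```python
"""Two detections for OAuth device-code flow abuse, run over constructed
sign-in log lines: (1) a device-code sign-in from a country the user has
never used for an ordinary browser sign-in, and (2) a burst of device-code
sign-ins for one user in a short window. The log field names are assumed
for this example and do not match any particular identity provider."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events: alice uses device code from her usual country;
# bob's device-code sign-ins come from a country he never used interactively.
LOG_LINES = """\
{"ts":"2026-03-14T09:00:00Z","user":"alice","flow":"browser","app":"mail","country":"US","ip":"203.0.113.10","result":"success"}
{"ts":"2026-03-14T09:05:00Z","user":"alice","flow":"device_code","app":"mail","country":"US","ip":"203.0.113.10","result":"success"}
{"ts":"2026-03-14T13:00:00Z","user":"bob","flow":"browser","app":"chat","country":"DE","ip":"198.51.100.7","result":"success"}
{"ts":"2026-03-14T13:02:00Z","user":"bob","flow":"device_code","app":"crm","country":"NL","ip":"192.0.2.44","result":"failure"}
{"ts":"2026-03-14T13:03:00Z","user":"bob","flow":"device_code","app":"crm","country":"NL","ip":"192.0.2.44","result":"success"}
{"ts":"2026-03-14T13:04:00Z","user":"bob","flow":"device_code","app":"crm","country":"NL","ip":"192.0.2.44","result":"success"}
{"ts":"2026-03-14T13:06:00Z","user":"bob","flow":"device_code","app":"crm","country":"NL","ip":"192.0.2.44","result":"success"}
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_logs(text):
    """Parse JSON-lines events and return them sorted by timestamp."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for event in events:
        event["ts"] = datetime.strptime(event["ts"], TS_FORMAT).replace(tzinfo=timezone.utc)
    return sorted(events, key=lambda e: e["ts"])


def detect_device_code_anomalies(events, burst_n=3, burst_window=timedelta(minutes=10)):
    """Return alert dicts for new-country and burst device-code sign-ins.

    The country baseline is built from successful browser sign-ins seen
    earlier in the same event stream; in production it would come from a
    longer history than the window being scanned."""
    alerts = []
    baseline = defaultdict(set)      # user -> countries seen in browser sign-ins
    recent = defaultdict(list)       # user -> timestamps of recent device-code sign-ins
    already_flagged = set()          # (user, country) pairs already alerted on
    for event in events:
        if event["result"] != "success":
            continue
        user = event["user"]
        if event["flow"] == "browser":
            baseline[user].add(event["country"])
            continue
        if event["flow"] != "device_code":
            continue
        ts_text = event["ts"].strftime(TS_FORMAT)
        if event["country"] not in baseline[user] and (user, event["country"]) not in already_flagged:
            already_flagged.add((user, event["country"]))
            alerts.append({"ts": ts_text, "user": user, "rule": "device_code_new_country",
                           "detail": f"{event['country']} via {event['app']} from {event['ip']}"})
        # Keep only sign-ins inside the burst window, then add this one.
        recent[user] = [t for t in recent[user] if event["ts"] - t <= burst_window] + [event["ts"]]
        if len(recent[user]) == burst_n:
            alerts.append({"ts": ts_text, "user": user, "rule": "device_code_burst",
                           "detail": f"{burst_n} device-code sign-ins within {burst_window}"})
    return alerts


if __name__ == "__main__":
    for alert in detect_device_code_anomalies(parse_logs(LOG_LINES)):
        print(alert["ts"], alert["user"], alert["rule"], alert["detail"])
```

Failed attempts are skipped on purpose so that one mistyped user code does not trigger the burst rule; both rules report once per condition rather than on every matching event, which keeps the output usable as a triage queue.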