New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...
CSO Online

Meet ConsentFix, a new twist on the ClickFix phishing attack

What’s new in a ConsentFix attack is that the attack happens entirely inside a browser, say the researchers, which removes one of the key detection opportunities because the attack doesn’t touch an ...

Keeper Security Launches ServiceNow Integration to Improve Visibility and Response to Cyber Attacks

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords and passkeys, infrastructure secrets, remote connections and endpoints, today ...
TMCnet

Nudge Security Unveils Industry's Most Comprehensive AI Security Governance Platform

Nudge Security, the leading innovator in SaaS and AI security governance, today announced a significant expansion of its ...
The Hacker News

What GTG-1002 and Claude-Style Attacks Mean for SaaS Verification

GTG-1002 shows how AI can scale intrusions fast. Here’s why static OAuth trust is risky for SaaS and how to verify apps and ...

ShinyHunters, Salesloft Drift And The Case For Dynamic SaaS Security

With attackers exploiting trust in apps, integrations and users to gain access that looks legitimate, organizations must rethink their approach beyond traditional tools.
Opinion
Security BoulevardOpinion

The Cyber Resilience Act and SaaS: Why Compliance is Only Half the Battle

The EU’s Cyber Resilience Act is reshaping global software security expectations, especially for SaaS, where shared responsibility, lifecycle security and strong identity protections are essential as ...