OAuth - API Security Blog

Denial of service in Spring Security OAuth

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 C ...

May 30, 2022

RST Threat feed. IOC: https://suncoast-auth.dns05.com/auth.php?oauth

Found **https://suncoast-auth[.]dns05.com/auth.php?oauth** in [...Read More ...

May 30, 2022

CVE report published for Spring Security OAuth

We have released Spring Security OAuth 2.5.2 to address the following CVE report. * [CVE-2022-22969: Denial-of-Service (DoS) in spring-security-oauth2]() This vulnerability exposes OAuth 2.0 Client ...

May 30, 2022

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted”

[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiiIy1KyYnnhEtz-GpAc5zngJFc4ts7Cy3Xcd3_kERhuq01G2fpv6le_bhfRu1-u5_VFn-aIgZRoU3eio7NtjVCXMIGMW2E_FT-CMVsrHhhl5BmOWXliz-YZqSMag83hCUcabVlhTj ...

May 30, 2022

VMware Workspace ONE Access Template Injection / Command Execution

Post ContentRead More ...

May 30, 2022

VMware Workspace ONE Access CVE-2022-22954

This module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) in VMware Workspace ONE Access, to execute shell commands as the "horizon" user.Read More ...

May 30, 2022

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

![Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954](https://blog.rapid7.com/content/images/2022/04/vmware-one-etr.jpg) On April 6, 2022, VMware published [VMSA-2022-0011](), which ...

May 30, 2022

Attacker Breach Dozens of GitHub Repos Using Stolen OAuth Tokens

GitHub revealed details tied to last weeks incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. We do not believe the attacker obtained these tokens via a ...

May 30, 2022