OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
https://thehackernews.com/2026/03/threatsday-bulletin-oauth-trap-edr.html
Publish Date: 2026-03-12 09:14:00
Source Domain: thehackernews.com
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.”
The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how flimsy certain assumptions really are. A couple of things that make you stop mid-scroll and think, “wait… people are actually pulling this off?”
There’s also the usual mix of strange corners of the ecosystem doing strange things — infrastructure behaving a little too professionally for comfort, tools showing up where they absolutely shouldn’t, and a few cases where the weakest link is still just… people clicking stuff they probably shouldn’t.
Anyway. If you’ve got five minutes and a mild curiosity about what attackers, researchers, and the broader internet gremlins were up to lately, this week’s ThreatsDay Bulletin on The Hacker News has the quick hits. Scroll on.
OAuth consent abuse
Cloud security firm Wiz has warned of the dangers posed by malicious OAuth applications, highlighting how “consent fatigue” could open the door for attackers to gain access to a victim’s sensitive data by giving their malicious apps a legitimate-looking name. By accepting the permissions requested by a rogue OAuth application, the user is “adding” the attacker’s app into their company’s tenant. “Once ‘Accept’ is clicked, the sign-in process is complete,” Wiz said. “But instead of going to a normal landing page, the access token is sent to the attacker’s Redirect URL. With that token, the attacker now has access to the user’s files or emails without ever needing to know their password.” The Google-owned company also said it detected a large-scale campaign active in…
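For defenders, the consent flow described above leaves an auditable record: every granted app has a registering tenant, a publisher status, redirect URLs and a scope list. The sketch below is an added example, not code from Wiz or The Hacker News; it reviews an export of consent grants and escalates any app that holds mail or file scopes while delivering tokens to a redirect URL outside the organisation's domains. The record field names, tenant IDs, domains and scope list are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed policy values for the example organisation (hypothetical).
HOME_TENANT = "tenant-home"
TRUSTED_REDIRECT_DOMAINS = {"example-corp.test"}
SENSITIVE_SCOPES = {"mail.read", "mail.readwrite", "files.read.all",
                    "files.readwrite.all", "offline_access"}

# Constructed sample export; field names are assumptions, not a real API schema.
GRANTS = [
    {"app": "Docs Sync", "owner_tenant": "tenant-home", "publisher_verified": True,
     "redirect_uris": ["https://sso.example-corp.test/cb"],
     "scopes": "User.Read", "user": "alice"},
    {"app": "Secure Mail Viewer", "owner_tenant": "tenant-ext-1", "publisher_verified": False,
     "redirect_uris": ["https://login.unknown-host.test/token"],
     "scopes": "Mail.Read Files.Read.All offline_access", "user": "bob"},
    {"app": "Calendar Helper", "owner_tenant": "tenant-ext-2", "publisher_verified": True,
     "redirect_uris": ["https://app.vendor.test/oauth"],
     "scopes": "Calendars.Read", "user": "carol"},
]

def host_trusted(uri):
    # Match the exact domain or a true subdomain, so look-alike suffixes fail.
    host = (urlsplit(uri).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_REDIRECT_DOMAINS)

def review_grant(grant):
    reasons = []
    sensitive = sorted({s.lower() for s in grant["scopes"].split()} & SENSITIVE_SCOPES)
    untrusted = [u for u in grant["redirect_uris"] if not host_trusted(u)]
    if grant["owner_tenant"] != HOME_TENANT:
        reasons.append("app registered outside home tenant")
    if not grant["publisher_verified"]:
        reasons.append("unverified publisher")
    if untrusted:
        reasons.append("redirect URI outside trusted domains: " + ", ".join(untrusted))
    if sensitive:
        reasons.append("sensitive scopes: " + ", ".join(sensitive))
    # Data scopes plus a token destination outside the organisation is the
    # combination the consent-abuse scenario relies on, so it ranks highest.
    severity = "high" if (sensitive and untrusted) else ("review" if reasons else "ok")
    return {"app": grant["app"], "user": grant["user"],
            "severity": severity, "reasons": reasons}

def audit(grants):
    # Return only the grants that need a human decision.
    return [r for r in map(review_grant, grants) if r["severity"] != "ok"]
```

The display name is deliberately not used as a signal, since a legitimate-looking name is exactly what the rogue app supplies.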