New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass ...
GitHub

google_oauth_plugin.py

2. Receiving the auto-injected OAuth access_token via context.credentials 3. Using the token to call Google Gmail API 4. The difference between API Key credentials and OAuth credentials from the ...
GitHub

Vendor-neutral identity verification for AI agents.

Demarche sits between your application and the growing ecosystem of agent-identity issuers — Microsoft Entra Agent ID, Auth0 for AI Agents, WorkOS, OpenAgents, any OAuth On-Behalf-Of issuer. Integrate ...