OAuth Consent Abuse
Cloud security firm Wiz has issued a warning about the dangers posed by malicious OAuth applications, highlighting how ‘consent fatigue’ can lead to attackers gaining access to sensitive data by disguising their malicious apps as legitimate ones. By accepting the permissions requested by a rogue OAuth application, users inadvertently grant the attacker’s app a token for their files or emails; the attacker never needs the victim’s password, because the token issued on consent stands in for it.
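The consents that a rogue app collects are visible to the tenant, so the first defensive step is to triage them. The script below is an added example (not code from Wiz, Microsoft or the bulletin). It runs offline over a constructed sample shaped like Microsoft Graph’s oauth2PermissionGrant and servicePrincipal resources: the field names (clientId, consentType, scope, appOwnerOrganizationId, verifiedPublisher) are Graph’s, while the tenant ids, object ids and app names are made up for the example. It flags grants where an individual user (rather than an admin) consented to mail or file scopes, apps that come from another tenant without a verified publisher, and names that borrow a well-known brand to win the consent click.

```python
"""Flag OAuth consent grants that look like consent-phishing.

Added example, not from the bulletin or from Wiz. Runs offline on a
constructed sample: field names follow Microsoft Graph's
oauth2PermissionGrant / servicePrincipal resources, values are made up.
"""

HOME_TENANT = "11111111-1111-1111-1111-111111111111"   # constructed tenant id

# Delegated scopes that hand an app standing access to mail or files.
# offline_access adds a refresh token, so access outlives the session.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All",
    "Sites.Read.All", "offline_access",
}

# Brand words a look-alike app borrows so the consent screen looks familiar.
IMPERSONATED_BRANDS = ("microsoft", "office", "sharepoint", "adobe", "docusign")

# Constructed servicePrincipal records keyed by object id.
SERVICE_PRINCIPALS = {
    "sp-teams": {
        "displayName": "Microsoft Teams",
        "appOwnerOrganizationId": "22222222-2222-2222-2222-222222222222",
        "verifiedPublisher": {"verifiedPublisherId": "pub-ms"},
    },
    "sp-lookalike": {
        "displayName": "Office 365 Document Viewer",
        "appOwnerOrganizationId": "33333333-3333-3333-3333-333333333333",
        "verifiedPublisher": {"verifiedPublisherId": None},
    },
    "sp-internal": {
        "displayName": "Expense Tool",
        "appOwnerOrganizationId": HOME_TENANT,
        "verifiedPublisher": {"verifiedPublisherId": None},
    },
}

# Constructed oauth2PermissionGrant records. consentType "Principal" means a
# single user consented; "AllPrincipals" means an admin consented tenant-wide.
GRANTS = [
    {"clientId": "sp-teams", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Chat.ReadWrite"},
    {"clientId": "sp-lookalike", "consentType": "Principal", "principalId": "user-42",
     "scope": "Mail.Read Files.ReadWrite.All offline_access"},
    {"clientId": "sp-internal", "consentType": "Principal", "principalId": "user-7",
     "scope": "Mail.Read"},
]


def is_verified(sp):
    """True when the app's publisher completed Microsoft's publisher verification."""
    pub = sp.get("verifiedPublisher") or {}
    return bool(pub.get("verifiedPublisherId"))


def triage_grant(grant, sps, home_tenant=HOME_TENANT):
    """Return the list of reasons a grant deserves review (empty if none)."""
    sp = sps[grant["clientId"]]
    scopes = set(grant["scope"].split())
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    foreign = sp["appOwnerOrganizationId"] != home_tenant
    name = sp["displayName"].lower()
    reasons = []
    if grant["consentType"] == "Principal" and risky:
        reasons.append("user consent to " + ", ".join(risky))
    if foreign and not is_verified(sp):
        reasons.append("multi-tenant app from an unverified publisher")
        if any(brand in name for brand in IMPERSONATED_BRANDS):
            reasons.append(f"name borrows a brand: {sp['displayName']!r}")
    return reasons


def triage(grants=GRANTS, sps=SERVICE_PRINCIPALS, home_tenant=HOME_TENANT):
    """Map each client id that needs review to its list of reasons."""
    findings = {}
    for grant in grants:
        reasons = triage_grant(grant, sps, home_tenant)
        if reasons:
            findings[grant["clientId"]] = reasons
    return findings


if __name__ == "__main__":
    for client, reasons in triage().items():
        print(client, "->", "; ".join(reasons))
```

In a real tenant the two lists come from the Graph endpoints for oauth2PermissionGrants and servicePrincipals; the brand list and the scope set are the tunable parts, and a hit on all three reasons (user consent, foreign unverified app, borrowed brand) is the pattern the Wiz warning describes.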
Messaging Account Takeover
Russian hackers are targeting Signal and WhatsApp accounts of government officials, journalists, and military personnel globally. They trick victims into sharing security verification codes or PINs, thereby gaining unauthorized access to accounts.
Cloud Breach via Software Flaws
Google has revealed that threat actors are increasingly exploiting vulnerabilities in third-party software to breach cloud environments. This marks a shift away from cheap initial-access routes such as weak credentials towards more sophisticated and costly vectors that target specific software flaws.
Microcontroller Debug Bypass
New research from Quarkslab has found that it’s possible to bypass the 16-byte password protection required for debug access on several variants of the RH850 microcontroller family using voltage fault injection in under one minute.
Solar Spider Suspects Arrested
Two Nigerian nationals have been arrested for their alleged involvement in an e-crime operation known as Solar Spider. The suspects were planning to siphon large amounts of money by leveraging security flaws in Indian cooperative banking systems.
PlugX Malware Campaign
Check Point has disclosed targeted campaigns against entities in Qatar using conflict-related content as lures to deliver malware families like PlugX and Cobalt Strike. The attack chain uses Windows shortcut (LNK) files contained within ZIP archives to deploy malware.
Teen DDoS Kit Sellers
Polish police have referred seven suspected minor cybercriminals to family court over an alleged scheme to sell distributed denial-of-service (DDoS) kits online. The suspects, aged between 12 and 16, face charges related to selling DDoS tools designed to target popular websites.
Phishing-Resistant Windows Login
Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello. This update allows users to create device-bound passkeys stored in the Windows Hello container and authenticate using Windows Hello methods.
Sysmon Built into Windows
Microsoft has natively integrated System Monitor (Sysmon) functionality directly into Windows 11 and Windows Server 2025 as an optional built-in feature. This integration drastically lowers the barrier to entry for deep endpoint visibility and represents a massive operational win for network defenders.
Canada Phishing Campaign
An active phishing campaign is targeting Canadian residents using fraudulent domains impersonating trusted institutions, including the Government of British Columbia and Hydro-Québec, with the goal of collecting personal information and credit card details.
BlackSanta EDR Killer
A sophisticated attack campaign targeting HR departments and job recruiters has combined social engineering with advanced evasion techniques to stealthily compromise systems by avoiding analysis environments and leveraging a specialized module designed to kill antivirus and endpoint detection software.
Zombie ZIP Technique
A new technique dubbed Zombie ZIP allows attackers to conceal payloads in specially crafted compressed files that can bypass security tools. Malformed ZIP headers can cause antivirus and endpoint detection and response (EDR) software to produce false negatives: the scanner and the extractor read the same bytes through different structures and so see different contents.
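A ZIP file has two views of its contents: the central directory reached through the end-of-central-directory (EOCD) record, and the sequence of local file headers in the byte stream. A scanner that trusts one view can miss an entry that an extractor finds through the other. The checker below is an added example, not code from the bulletin, Check Point or the Zombie ZIP research. It builds a small archive in memory (constructed content: a text file and a shortcut with a double extension, the lure type the PlugX entry above describes), then shrinks the EOCD counts and central-directory size so the last entry drops out of the central directory while its bytes remain. The checker walks both structures and reports every point where they disagree, and flags any shortcut or script file it finds.

```python
"""Cross-check a ZIP's central directory against its local file headers.

Added example, not from the bulletin, Check Point or the Zombie ZIP research.
The archive and its tampering are constructed here; offsets follow the ZIP
application note (APPNOTE.TXT) layouts for the local, central and EOCD records.
"""
import io
import struct
import zipfile

SIG_LOCAL = b"PK\x03\x04"
SIG_CENTRAL = b"PK\x01\x02"
SIG_EOCD = b"PK\x05\x06"
SUSPICIOUS_EXT = (".lnk", ".js", ".vbs", ".scr")


def build_sample_zip():
    """Constructed archive: a text file plus a shortcut with a double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", "quarterly figures attached\n")
        zf.writestr("report.pdf.lnk", b"L\x00\x00\x00" + b"\x00" * 72)  # fake LNK header
    return buf.getvalue()


def hide_last_entry(data):
    """Drop the last central record from the EOCD's count and size fields.

    The record and the file data stay in the byte stream, so a streaming
    extractor that follows local headers still finds the hidden file."""
    eocd = data.rfind(SIG_EOCD)
    total, cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
    last = data.rfind(SIG_CENTRAL, cd_offset, eocd)
    new_size = last - cd_offset
    return (data[:eocd + 8] + struct.pack("<HHI", total - 1, total - 1, new_size)
            + data[eocd + 16:])


def parse_central_directory(data):
    """Return (entries, problems) as seen through the EOCD record."""
    eocd = data.rfind(SIG_EOCD)
    if eocd < 0:
        return [], ["no end-of-central-directory record"]
    total, cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
    problems, entries, pos = [], [], cd_offset
    if cd_offset + cd_size != eocd:
        problems.append("central directory does not end at the EOCD record")
    for _ in range(total):
        if data[pos:pos + 4] != SIG_CENTRAL:
            problems.append(f"central directory record missing at {pos}")
            break
        (_, _, flags, _, _, _, crc, csize, usize, nlen, xlen, clen,
         _, _, _, local_off) = struct.unpack_from("<4xHHHHHHIIIHHHHHII", data, pos)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        entries.append({"name": name, "crc": crc, "csize": csize,
                        "usize": usize, "local_off": local_off})
        pos += 46 + nlen + xlen + clen
    return entries, problems


def check_zip(data):
    """Return a list of findings; an empty list means both views agree."""
    entries, findings = parse_central_directory(data)
    referenced = set()
    for e in entries:
        off = e["local_off"]
        referenced.add(off)
        if data[off:off + 4] != SIG_LOCAL:
            findings.append(f"{e['name']}: no local header at {off}")
            continue
        (_, lflags, _, _, _, lcrc, lcsize, lusize,
         lnlen, _) = struct.unpack_from("<4xHHHHHIIIHH", data, off)
        lname = data[off + 30:off + 30 + lnlen].decode("utf-8", "replace")
        if lname != e["name"]:
            findings.append(f"name mismatch: central {e['name']!r} vs local {lname!r}")
        # With bit 3 set the sizes and CRC live in a trailing data descriptor,
        # so zeros in the local header are legitimate; otherwise they must match.
        if not lflags & 0x8 and (lcrc, lcsize, lusize) != (e["crc"], e["csize"], e["usize"]):
            findings.append(f"{e['name']}: size/CRC differ between headers")
        if e["name"].lower().endswith(SUSPICIOUS_EXT):
            findings.append(f"{e['name']}: shortcut/script inside archive")
    # Local headers the central directory never mentions: invisible to a
    # directory-driven scanner, extractable by a streaming one.
    pos = data.find(SIG_LOCAL)
    while pos >= 0:
        if pos not in referenced:
            nlen = struct.unpack_from("<H", data, pos + 26)[0]
            name = data[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
            findings.append(f"orphan local header at {pos}: {name!r}")
        pos = data.find(SIG_LOCAL, pos + 4)
    return findings


if __name__ == "__main__":
    good = build_sample_zip()
    print("intact :", check_zip(good))
    print("tampered:", check_zip(hide_last_entry(good)))
```

The intact archive yields a single finding (the .lnk entry); the tampered one loses the shortcut from the central directory entirely, and the checker recovers it only because it also walks the local headers and notices that the central directory no longer reaches the EOCD record. A scanner that stops at the first view is exactly the kind of tool the technique targets.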
AI Agent Breaches Platform
Researchers at autonomous offensive security startup CodeWall said their AI agent hacked McKinsey’s internal AI platform Lili and gained full read and write access to the chatbot platform in just two hours. This enabled access to the entire production database, including 46.5 million chat messages and 728,000 files containing confidential client data.
Original article: https://thehackernews.com/2026/03/threatsday-bulletin-oauth-trap-edr.html
