
LastPass data breach exposes customer data
A supply chain attack targeting the market intelligence platform Klue has resulted in the theft of OAuth tokens used by several high-profile organizations. The Icarus extortion group gained access to Klue's infrastructure by exploiting a dormant legacy credential for a prototype integration service. Once inside, the threat actors exfiltrated OAuth tokens that allowed them to query connected third-party environments, specifically targeting Salesforce CRM data.

Anthropic eliminates static API keys with workload identity federation
Anthropic has announced the general availability of Workload Identity Federation (WIF) on the Claude Platform. This feature supports any OpenID Connect (OIDC) compliant identity provider, including AWS IAM, Azure managed identities, and Google Cloud Platform service accounts. It applies to all Claude API endpoints, first-party software development kits (SDKs), and Claude Code.

Microsoft Authenticator enforces manual number matching for personal accounts
Microsoft is updating the sign-in experience for personal accounts by requiring users to manually type a two-digit code into the Authenticator app. This replaces the previous method where users simply chose the correct number from three visible options on their mobile device. The change is being rolled out gradually to ensure all users eventually transition to this more deliberate verification process.

Chinese hackers maintain decade-long persistence by backdooring Linux PAM
A threat group known as Velvet Ant successfully maintained a presence within a large organization's isolated network for ten years by hijacking the authentication stack. The intrusion began in 2016 when the actors compromised internet-facing systems before pivoting into an air-gapped environment with no direct external connection. By establishing a remote execution path through chained Nginx and FastCGI modifications, the attackers bypassed traditional network segregation without requiring direct internet access.