RANDOM CHAOS

identity compromise

2 posts

OAuth Consent Abuse: A Trust Boundary Collapse in Microsoft 365

A malicious browser extension exploited OAuth consent in Microsoft 365 to gain full tenant access. No password or MFA was required. The attack bypassed all perimeter controls and created a persistent, unrevocable access path, highlighting a fundamental flaw in identity trust models.

The Real Failure in the axios npm Compromise Wasn't Code - It Was Trust

The axios@1.141 and axios@0.304 npm compromise was not a code flaw - it was a failure in trust validation. Credential theft enabled persistent supply chain poisoning due to lack of enforced MFA and session verification at every publish event.