New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
The Hacker News

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The ...
GitHub

google_oauth_plugin.py

2. Receiving the auto-injected OAuth access_token via context.credentials 3. Using the token to call Google Gmail API 4. The difference between API Key credentials and OAuth credentials from the ...
GitHub

Vendor-neutral identity verification for AI agents.

Demarche sits between your application and the growing ecosystem of agent-identity issuers — Microsoft Entra Agent ID, Auth0 for AI Agents, WorkOS, OpenAgents, any OAuth On-Behalf-Of issuer. Integrate ...