
Trust Hijacked: OAuth Phishing, API Drips & Legacy Forwarding

Attackers are mimicking Google, Microsoft, and GitHub OAuth consent flows—tricking users into granting real API access to malicious apps. These bypass traditional email and URL-based phishing filters.

Audit all authorized third-party apps, block high-scope access tokens, and train employees to recognize suspicious OAuth scopes—even on trusted platforms.

Forgotten DNS Entries Are Being Exploited for Subdomain Takeover

Old marketing campaigns and decommissioned services leave behind DNS records still pointing to expired or unregistered platforms. Attackers claim the resource, then serve malware under your brand.

Schedule DNS audits quarterly. Remove stale CNAMEs, TXT records, and unused A records across all owned domains.

LLMs Are Being Prompted to Generate Malicious Macros

Some attackers are now asking AI tools to generate Office macros, Excel formulas, or PDF actions with obfuscated payloads—perfectly formatted to pass static scans.

Restrict macro execution to signed macros only, inspect LLM usage patterns, and educate developers on prompt engineering hygiene.

Legacy Email Rules Still Granting External Access

Employees who previously worked with vendors or contractors often forget to disable automatic forwarding rules. These remain active even after access is revoked—leaking sensitive content.

Scan email systems for forwarding rules, auto-expire them after 30 days, and review access logs from external domains regularly.

API Rate Limit Abuse Is Evading Detection

Instead of hammering endpoints, attackers now drip-feed requests just below rate limits—exfiltrating data slowly and blending in with normal traffic.

Use cumulative API usage monitoring, flag low-frequency anomalies, and test for session-based scraping across multiple IPs or accounts.
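
One way to implement the cumulative-usage check described above, as an added example that is not part of the original newsletter. The rate limit, daily budget, thresholds, and API key names are assumptions, and the log events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# All thresholds below are assumed values; tune them to your own baseline.
RATE_LIMIT_PER_MIN = 60   # per-key limit the gateway already enforces
DAILY_BUDGET = 5000       # cumulative request ceiling per key per 24 h
MIN_ACTIVE_HOURS = 20     # hours with traffic out of 24 = sustained activity
MAX_CV = 0.25             # low hour-to-hour variation suggests automation

def build_sample_log():
    """Constructed 24 h of events as (timestamp, api_key); not real traffic."""
    start = datetime(2025, 1, 6, 0, 0)
    events = []
    for minute in range(24 * 60):
        ts = start + timedelta(minutes=minute)
        # key-drip: 8 requests every minute all day, far below the limit
        events += [(ts, "key-drip")] * 8
        # key-office: bursts of 55 requests, business hours only
        if 9 <= ts.hour < 17 and minute % 10 == 0:
            events += [(ts, "key-office")] * 55
    return events

def find_drip_clients(events):
    """Flag keys that never trip the rate limit but drain data steadily.

    Treats the whole input as a single 24 h window.
    """
    per_min = defaultdict(lambda: defaultdict(int))
    per_hour = defaultdict(lambda: defaultdict(int))
    for ts, key in events:
        per_min[key][ts.replace(second=0, microsecond=0)] += 1
        per_hour[key][ts.replace(minute=0, second=0, microsecond=0)] += 1
    flagged = {}
    for key, hours in per_hour.items():
        counts = list(hours.values())
        total, peak = sum(counts), max(per_min[key].values())
        cv = pstdev(counts) / mean(counts)  # coefficient of variation
        if (peak <= RATE_LIMIT_PER_MIN and total > DAILY_BUDGET
                and len(hours) >= MIN_ACTIVE_HOURS and cv <= MAX_CV):
            flagged[key] = {"total": total, "peak_per_min": peak,
                            "active_hours": len(hours), "cv": round(cv, 3)}
    return flagged

if __name__ == "__main__":
    print(find_drip_clients(build_sample_log()))
```

Here the bursty key peaks closer to the rate limit yet stays unflagged, while the steady key is caught on cumulative volume and round-the-clock regularity.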

Identity Teams Are Still Missing Role Decay

As roles evolve, so do access needs—but most orgs fail to remove permissions that are no longer relevant. This creates bloated privilege graphs and cross-functional risk.

Automate access reviews based on team changes, project transitions, or inactivity periods. Treat role change as a trigger—not just onboarding or offboarding.
