OAuth & SaaS tokens

OAuth token abuse, connected-app compromise, and the identity layer behind SaaS integrations.

All topics Detection & threat hunting AI & LLM security Malware & C2 Remote code execution Active exploitation Edge & VPN security Data breaches Privilege escalation Ransomware Supply-chain attacks WordPress security Patch management Vulnerable drivers (BYOVD)Takedowns & law enforcement OAuth & SaaS tokens Zero-days

Security news

This login library let a stranger sign in as you with just your email

CVE-2026-49757 (CVSS 9.2) let attackers take over accounts in Elixir apps built on ash_authentication by matching users on email instead of identity. Update

Suriq's Jack · Jun 21, 2026

Security news

Your Salesforce wasn't breached. A connected app handed over the data.

The Icarus group stole Salesforce CRM data through Klue's connected app, not a Salesforce flaw. Why OAuth integration tokens are the unmonitored attack surface.

Suriq's Jack · Jun 19, 2026

Ready to meet the Guardians?

Deploys fast - agentless for monitoring and cloud, a lightweight agent for deep endpoint security. Just Suriq, standing watch.

Request access Meet the clan

OAuth & SaaS tokens

This login library let a stranger sign in as you with just your email

Your Salesforce wasn't breached. A connected app handed over the data.

Ready to meet the Guardians?

Something great
is coming.

You're on the list.