[securityig] IdP in the middle attack (#24)

TomCJones has just created a new issue for https://github.com/w3c/securityig:

== IdP in the middle attack ==
Here's a successful attack that appears (to me) to be an identity provider spoofing attack.
I think that we might need to add this to things like DC API and FedCM.
The quoted success rate is 50%

https://cybersecuritynews.com/threat-actors-impersonating-microsoft-oauth

"The researchers observed that while most [campaigns](https://cybersecuritynews.com/incorporating-cybersec-credentials-into-marketing-campaigns/) impersonate generic enterprise applications, some attackers customize their lures based on specific software used in targeted industries, demonstrating a sophisticated understanding of their victims’ operational environments. The financial and operational impact has been substantial, with researchers documenting attempted account compromises affecting nearly 3,000 user accounts across more than 900 Microsoft 365 environments. Perhaps most concerning is the campaign’s confirmed success rate exceeding 50%, highlighting the effectiveness of this hybrid attack methodology that combines email-based social engineering with cloud application abuse."

Please view or discuss this issue at https://github.com/w3c/securityig/issues/24 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 1 August 2025 20:31:02 UTC