oidc

2 posts tagged oidc.

Forged from 2016: How Storm-0558 Turned One Stolen Signing Key into U.S. Government Email Access

May 27, 2026

A 2016 consumer Microsoft signing key, never rotated, forged tokens that read U.S. government email for six weeks before a paying customer noticed. A technical reconstruction.
When Your Password Manager Attacks You: Inside the Bitwarden CLI Supply Chain Compromise

Apr 30, 2026

How the @bitwarden/cli npm package was hijacked for 93 minutes on April 22, 2026, subverting trusted publishing to steal AWS, GitHub, and SSH credentials from 334 installs.