Last updated: July 5, 2026 at 9:01 AM UTC
Tag: token-theft (4 articles)

Microsoft 365 Android apps leak FOCI SSO tokens to any local app via leftover setIsDebugMode(true) - four CVEs, six apps

Enclave researchers have disclosed FlagLeft, a flaw in Microsoft 365 Android apps that lets any local app steal account tokens: a shared Microsoft SDK shipped with setIsDebugMode(true) left in production code, which skips the check that should reject untrusted apps requesting SSO handoff. The leaked FOCI single-sign-on tokens can be refreshed and reused over long periods, with traffic that looks routine in logs. It affected Word, PowerPoint, Excel, Microsoft 365 Copilot, Loop, and OneNote (billions of downloads); Teams shipped the flag as false and was unaffected. Microsoft issued four CVEs on May 12 (CVE-2026-41100/41101/41102/42832). The patched Android Word build is 16.0.19822.20190; a malicious on-device app is all it takes.

Check
Push Microsoft 365 Android app updates via MDM. Confirm Word is on build 16.0.19822.20190 or later and other apps updated through Google Play. Audit Android fleets for sideloaded apps.
Affected
Microsoft 365 Android apps (Word, PowerPoint, Excel, Copilot, Loop, OneNote) below the patched builds. A malicious on-device app can steal refreshable FOCI SSO tokens; Teams was unaffected.
Fix
Update all M365 Android apps from Google Play. Note the patch does not revoke already-stolen tokens - revoke active sessions for potentially-affected users and enforce app-install controls on managed devices.

codexui-android npm steals OpenAI Codex auth tokens for a month - non-expiring refresh_token exfiltrated to fake Sentry endpoint

Aikido Security has disclosed that codexui-android, an npm package advertised as a remote web UI for OpenAI Codex with over 29,000 weekly downloads, has been silently exfiltrating users' Codex authentication tokens for the past month. Unlike a typosquat, the malware was embedded into a functional, actively-developed package roughly a month after publication to build trust; the GitHub repo stayed clean. The code reads ~/.codex/auth.json and ships the access_token, refresh_token, id_token, and account ID to sentry.anyclaw[.]store, a server masquerading as Sentry. The non-expiring refresh_token lets an attacker silently impersonate the developer indefinitely with full Codex account access. The package remains available; the npm account is 'friuns.'

Check
Inventory developer machines for the codexui-android npm package. If present, treat ~/.codex/auth.json as compromised. Search egress for traffic to sentry.anyclaw[.]store.
Affected
Developers who installed codexui-android (29K weekly downloads, still live). Stolen non-expiring Codex refresh_tokens give attackers persistent, silent impersonation of the victim's OpenAI Codex account.
Fix
Remove codexui-android. Revoke and re-issue OpenAI Codex sessions; the refresh_token does not expire, so rotation is mandatory. Pin dependencies and audit AI-tooling packages before install.

Italian Guardia di Finanza dismantles CINEMAGOAL piracy app that harvested fresh auth codes from legit Netflix, Disney+, Spotify subscriptions every 3 minutes

Italy's Guardia di Finanza has dismantled CINEMAGOAL, an unusual piracy operation whose customers installed an app on their devices that authenticated directly to legitimate Netflix, Disney+, Spotify, Sky, and DAZN services. A network of virtual machines in Italy captured fresh authentication and decryption codes from real subscriptions (opened under false identities) every three minutes and redistributed them to subscribers, who streamed at full quality with their real IPs masked. Operation 'Tutto Chiaro' executed 100 searches across Italy, seized servers in France and Germany, and identified about 70 resellers. The first 1,000 subscribers have been fined between €154 and €5,000.

Check
If you run an enterprise streaming or subscription product: search for accounts authenticating from Italian VM ranges with abnormally short session intervals (every 3 minutes) tied to suspicious billing details.
Affected
Streaming and content platforms (Netflix, Disney+, Spotify, Sky, DAZN are named victims). Subscribers signing up under fake identities, then sharing rotating auth tokens, is the core abuse pattern.
Fix
Add device-binding to subscription sessions so a captured token does not work elsewhere. Throttle simultaneous-stream limits at the network level. Strengthen identity verification at subscription signup.

ShinyHunters breach SaaS integrator Anodot, steal auth tokens to raid Snowflake customers - 12+ companies hit

ShinyHunters breached Anodot, an AI-based data anomaly detection platform acquired by Glassbox in late 2025, and stole authentication tokens that connected Anodot to its customers' cloud environments. Using those tokens, the attackers accessed Snowflake data warehouses belonging to over a dozen companies and began exfiltrating data last Friday - timed to the Easter/Passover holiday for maximum dwell time. ShinyHunters also attempted to use the stolen tokens against Salesforce instances but were blocked by AI detection. The group is now extorting affected companies, demanding ransom payments to prevent data release. Anodot's customer list includes Puma, SAP, T-Mobile, and UPS. This is the same playbook ShinyHunters used in the 2025 Snowflake campaign and the Gainsight/Salesforce attacks - breach a trusted integration, not the platform itself.

Check
Audit every third-party SaaS integration connected to your Snowflake, Salesforce, or other cloud data platforms. Identify which ones hold active authentication tokens with read access to your data.
Affected
Any organization using Anodot (now Glassbox) integrations connected to Snowflake, Salesforce, S3, or Amazon Kinesis. Broader risk: any company with SaaS-to-SaaS integrations that use long-lived OAuth tokens or API keys.
Fix
Revoke and rotate all authentication tokens for Anodot/Glassbox integrations immediately. Review Snowflake query logs for unusual data access patterns since late March. Enable network policies to restrict Snowflake access by IP. Audit all third-party integrations for least-privilege access - most SaaS connectors have broader permissions than they need. Monitor for ShinyHunters extortion communications.