🚩TA416 Targets Government and Diplomatic Organizations with PlugX and OAuth Phishing https://t.co/dbw8QbQ6R4 China-linked TA416 has resumed activity after a quiet period, targeting diplomatic and government organizations with updated PlugX campaigns. The group is abusing

Claude Bug Bounty Hunter - Claude Code skill for AI-assisted bug bounty hunting - recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation https://t.co/cpAhSiQtPI

I don't get how this works. Claude OAuth + OpenClaw (OSS) = banned Claude OAuth + "personal software" using Agent SDK = OK So if I fork OpenClaw to use Agent SDK under the hood, this is OK? Or is it only OK for "personal use", and if I sell it, I am banned from allowing

This is huge : @X released an MCP server today.. How to Connect X to your 🦞 : **Step 1: Run the XMCP Server** git clone https://t.co/45vK6uCOKl cd xmcp cp env.example .env Edit the .env file with your X OAuth consumer key and secret. Set the callback URL to

Claude Banned OpenClaw OAuth? We Bypassed It. Anthropic killed 3rd-party OAuth for subs today (April 4), shoving everyone onto the expensive API. OpenClaw doesn't care. We're moving downstream. Instead of fighting the OAuth ban, we're piping Claude CLI directly into OpenClaw.

HackerNotes TLDR for episode 169! https://t.co/w7HQ9TFNYo ►⠀OAuth 2.1 mandates PKCE, so strip code_challenge from "2.1-compliant" servers to test for downgrade vulnerabilities ►⠀MCP's new Client Identity Metadata Documents (CIMD) turn the authorization server into an SSRF

🗓️ Weekly recap (Mar 28-Apr 4) 🚀 5 releases 🛠️ 60 improvements 60 features & enhancements in this release Top features: • BYOM Model picker correctly overrides the --model flag for the session • Add device code flow (RFC 8628) for MCP OAuth in headless and CI environments •

As a developer, you should be able to clearly explain at least 10 of these: - Load Balancer - API Gateway - Reverse Proxy - Throttling - Rate Limiting - Idempotency - Pagination - Cache Stampede - gRPC - GraphQL - Webhooks - OAuth - JWT - Cache Invalidation - Query Optimization

Here's how to give your Hermes agent its own email inbox. @NousResearch No SMTP/IMAP, no Google Oauth, just plug in AgentMail using MCP. See how it works:

Hermes Agent Full Setup Guide (Does It Actually Beat OpenClaw?): 0:00 - What is Hermes Agent 1:07 - What Makes It Different? 1:49 - Install Hermes 6:11 - The Mistake I Made 7:02 - Anthropic OAuth 8:45 - Live Demo 10:34 - Honest Verdict vs OpenClaw 12:26 - Best Workflow

Hey @AnthropicAI you broke claude code logins with oauth too? Even though that's an option in the product? Just because I used that with openclaw before? What the hell man. Can I only API into claude code now??!

Race conditions in OAuth flows can still happen in custom implementations. Here's how to find it: During the token exchange, the server is supposed to treat an authorization code as single-use. If you race the token endpoint by sending parallel requests with the same code

Anthropic finally killed Open Claw Oauth use for Claude Max users 😭 here’s what you can do about it 👇

@uttam_singhk We built Oauth for Agents @GetAgentID Captcha is essentially useless once there is Identity, trust, etc built into the agent infrastructure at a base level. The point of captcha is to remove bot access. Now we have to allow scoped bot access.

While you're handing your AI agent every password you own... The top 1% already moved to @Composio. No OAuth nightmares. No credential leaks. No 3am "who authorized this" panic. Their agents are locked down in minutes. Yours are one prompt injection away from disaster. Secure

Been testing Claude Managed Agents Here's my feedback: Vaults store OAuth tokens outside the sandbox, the agent never handles them directly The problem, vaults are workspace-scoped Anyone with workspace access, via API key or the Console, can reference your vaults and use

🛡️ Hackers Used EvilTokens, ClickFix Campaign to Attack Claude Code Users Source: https://t.co/auiLnXBqSb Two significant threat campaigns from March 2026, one abusing Microsoft’s OAuth authentication flow to silently hijack enterprise accounts, and another deploying the AMOS

음 결국 이후에 쓸 AI 구독은 Claude Code 보다 Codex 를 택할 것 같다... 에이전트 자체를 별도 프로그램으로 직접 만들 때에 “API키” 가 아니라 “OAUTH API키” 를 쓸 수 있어야.. 내 구독을 그대로 쓸 수 있다면 API키보다 20배는 저렴하게 처리할 수 있는데 이걸 더 비싼 API키로 다시 짜는건 좀..

Cleanest approach I’ve seen for agent auth: OAuth + per-action permissions! Composio really nailed this 👏👏👏