Techzine Europe

How attackers use Microsoft agents to steal OAuth tokens

AI agents are proving to be extremely resourceful. Among their discoveries can be OAuth tokens, which these digital ...
CSOonline

How to defend against OAuth-enabled cloud-based attacks

Recently Malwarebytes reported that the SolarWinds hackers accessed its internal emails using the same intrusion vector they used in other attacks. The vector appears to abuse applications with ...

Experts warn Microsoft Copilot Studio agents are being hijacked to steal OAuth tokens

Security researchers from Datadog Security Labs are warning about a new phishing technique weaponizing Microsoft Copilot ...
Security Boulevard

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential ...

Hackers are exploiting OAuth loophole for persistent access - and resetting your password won't save you

Cybercriminals have increasingly used cloud account takeover (ATO) tactics in recent years - as it allows them to hijack ...

CoPhish Attack Exploits Copilot Studio Agents to Steal Microsoft OAuth Tokens

A newly identified phishing technique known as “CoPhish” exploits Microsoft Copilot Studio agents to deliver deceptive OAuth ...
SiliconANGLE

Potential OAuth lapses could have led to significant data breaches, warns Salt Labs

A new report released today by application programming interface security startup Salt Security Inc. warns of significant vulnerabilities in several major online platforms’ social sign-in and Open ...

Find hidden malicious OAuth apps in Microsoft 365 using Cazadora

Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs' Cazadora script helps uncover rogue apps before ...
Threat Post

Office 365 OAuth Attack Targets Coinbase Users

Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth. Office 365 users are receiving emails purporting to come from ...
CSOonline

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...