Recently Malwarebytes reported that the SolarWinds hackers accessed its internal emails using the same intrusion vector they used in other attacks. The vector appears to abuse applications with ...

We’re now all too familiar with the ubiquitous “Sign in with Google” button we encounter all over the internet. For most of us, it has become the go-to “easy button” for managing the sprawling set of ...

AI agents are proving to be extremely resourceful. Among their discoveries can be OAuth tokens, which these digital ...

Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential ...

A new report released today by application programming interface security startup Salt Security Inc. warns of significant vulnerabilities in several major online platforms’ social sign-in and Open ...

Hackers are using OAuth as a loophole to retain access to user accounts. Password resets won’t help, and even multi‑factor ...

Security researchers from Datadog Security Labs are warning about a new phishing technique weaponizing Microsoft Copilot ...

A newly identified phishing technique known as “CoPhish” exploits Microsoft Copilot Studio agents to deliver deceptive OAuth ...

Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs' Cazadora script helps uncover rogue apps before ...