A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat ...

Counting Google, Amazon, and Microsoft among its early adopters, the new standard will provide organizations with more visibility and control over external applications. Here's how it works.

Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft's legitimate OAuth 2.0 device authorization grant flow to trick ...

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code ...

PALO ALTO, Calif., April 25, 2024 -- Salt Security today announced the release of its new multi-layered OAuth protection package to detect attempts to exploit OAuth and proactively fix vulnerabilities ...

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...

Critical security flaws in Booking.com’s implementation of Open Authorization (OAuth) could have enabled attackers to launch large-scale account takeovers, putting millions of people’s sensitive ...

Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth ...