Security Boulevard

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential ...

CoPhish Attack Exploits Copilot Studio Agents to Steal Microsoft OAuth Tokens

A newly identified phishing technique known as “CoPhish” exploits Microsoft Copilot Studio agents to deliver deceptive OAuth ...
Cybernews

Attackers abusing OAuth to maintain access long after passwords are reset

Hackers are using OAuth as a loophole to retain access to user accounts. Password resets won’t help, and even multi‑factor ...

Hackers are exploiting OAuth loophole for persistent access - and resetting your password won't save you

Cybercriminals have increasingly used cloud account takeover (ATO) tactics in recent years - as it allows them to hijack ...
ZDNet

Heroku fesses up to customer password theft due to OAuth token attack

Heroku has explained why it emailed users with a sudden password reset warning earlier this week, and how it was due to the theft of OAuth tokens from GitHub. "[Our investigation] revealed that the ...

Find hidden malicious OAuth apps in Microsoft 365 using Cazadora

Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs' Cazadora script helps uncover rogue apps before ...
Digit

Twitter makes OAuth mandatory; tries out new link wrapping service

Applications are no longer allowed to store your password. If you change your password, the applications will continue to work. Some applications you have been using may require you to reauthorize ...
Threat Post

Facebook Patches OAuth Authentication Vulnerability

Social media supersite Facebook has fixed a vulnerability that could have allowed a hacker to access a user’s account simply by getting them to click through to a specially crafted website. The flaw ...