CoPhish Attack Exploits Copilot Studio Agents to Steal Microsoft OAuth Tokens

A newly identified phishing technique known as “CoPhish” exploits Microsoft Copilot Studio agents to deliver deceptive OAuth ...

Experts warn Microsoft Copilot Studio agents are being hijacked to steal OAuth tokens

Security researchers from Datadog Security Labs are warning about a new phishing technique weaponizing Microsoft Copilot ...
Techzine Europe

How attackers use Microsoft agents to steal OAuth tokens

AI agents are proving to be extremely resourceful. Among their discoveries can be OAuth tokens, which these digital ...
Security Boulevard

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential ...

Hidden browser extensions might be quietly recording every move you make

Researchers from browser security firm SquareX found a benign-looking extension can overlay a counterfeit sidebar onto the ...

Token Security Launches Token Research to Deliver Actionable Insights into Agentic AI Security Risks

Token Research will continue to investigate these risks through public research, and collaboration with both vendors and ...

WideField Security Raises $11.3M Series A to Secure the Full Identity Lifecycle

WideField Security, the only platform providing complete visibility and protection for the entire identity lifecycle, today ...
CSO Online

Salesforce’s glaring Dreamforce omission: Vital security lessons from Salesloft Drift

Salesforce failed to address the massive wave of OAuth breaches at its Dreamforce conference, but securing third-party ...
Security Boulevard

Scanning GitHub Gists for Secrets with Bring Your Own Source

Developers treat GitHub Gists as a "paste everything" service, accidentally exposing secrets like API keys and tokens. BYOS ...
CSOonline

What the Salesloft Drift breaches reveal about 4th-party risk

Turns out your biggest breach risk might come from a vendor’s acquisition — and an old OAuth token you didn’t even know existed. The recent SalesLoft Drift breaches revealed an uncomfortable truth ...