OAuth Device Code Phishing: Azure vs. Google Compared

Azure can yield very powerful tokens while Google limits scopes, reducing the blast radius. Register for Huntress Labs' Live Hack to see live Microsoft 365 attack demos, explore defensive tactics, and ...
Dark Reading

OAuth Attacks Target Microsoft 365, GitHub

A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method. In one wave of recent attacks, threat actors ...
The Hacker News

Who's Really Using Your SaaS? The Rise of Non-Human Identities

Your SaaS users aren’t all human. Explore how machine identities drive automation and create unseen risks across business applications.
Hosted on MSN

Hackers are exploiting OAuth loophole for persistent access - and resetting your password won't save you

Researchers have observed attackers weaponizing OAuth apps Attackers gain access that persists even through password changes and MFA This isn't just a proof of concept - it's been observed in the wild ...