Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
Security Boulevard

OAuth Risk Explained: Hidden Threats in SaaS

Learn how OAuth risk expands across SaaS and AI environments through tokens, integrations, and persistent access.
Hosted on MSN

The coming AI agent crisis: Why Okta's new security standard is a must-have for your business

The token's structure needed improvement, too. For example, whereas a standard OAuth workflow involves the user's ID as reported by the resource provider, this enhanced OAuth workflow involves the ...
Dark Reading

Azure OAuth 2.0 Vulnerability Grabs Tokens

Omer Tsarfati and his team at security firm CyberArk are now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services which they have been sitting on since ...
VentureBeat

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

One employee at Vercel adopted an AI tool. One employee at that AI vendor got hit with an infostealer. That combination created a walk-in path to Vercel’s production environments through an OAuth ...