JD Supra

Beyond the Perimeter: Securing OAuth Tokens and API Access to Thwart Modern Cyber Attackers

The threat landscape continues to evolve, and cybersecurity professionals must keep pace with threat actors’ changing tactics and objectives. A recent supply attack that reportedly affected hundreds ...
WinBuzzer

Anthropic Bans Claude Subscription OAuth in Third-Party Apps

Anthropic has officially banned using Claude subscription OAuth in third-party tools, forcing developers to switch to API ...

Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Threat Post

PayPal Fixes OAuth Token Leaking Vulnerability

PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. PayPal fixed an issue that could have allowed an attacker to hijack OAuth ...
CSO Online

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.
Dark Reading

Azure OAuth 2.0 Vulnerability Grabs Tokens

Omer Tsarfati and his team at security firm CyberArk are now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services which they have been sitting on since ...
TechRadar

Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks

Revenue workflow platform Salesloft suffered a cyberattack which saw threat actors break in through a third-party and steal sensitive information. The company is using Drift, a conversational ...