SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on ...

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...

Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth (short for Open ...

The callback feature in Twitter's OAuth implementation can be abused, a researcher said at Hack in the Box A feature in the Twitter API (application programming interface) can be abused by ...

An OAuth feature is being abused in the wild to drop malware to people's computers.

Microsoft uncovers OAuth phishing campaigns that abuse login redirects to deliver malware and steal credentials.

Microsoft has identified a phishing campaign using malformed links to legitimate OAuth services to redirect to malware downloads.

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...