News

The Hacker News19m

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts

The ongoing campaign, first detected in early 2025, is designed to use the OAuth applications as a gateway to obtain ...

How attackers are still phishing "phishing-resistant" authentication

Think passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth ...
Threat Post5y

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

The vulnerability exists because when Microsoft applications undergo the OAuth 2.0 (the next generation of OAuth) authorization flow, they trust certain third-party domains and sub-domains that ...

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in ...
CSOonline5y

What is OAuth? How the open authorization framework works

For OAuth to work, the end-user’s client software (e.g., a browser), the services involved and authentication provider must support the right version of OAuth (1.0 versus 2.0).
VentureBeat3y

Hackers use stolen OAuth access tokens to breach dozens ... - VentureBeat

OAuth tokens are one of the go-to elements that IT vendors use to automate cloud services like code repositories and devops pipelines. While these tokens are useful for enabling key IT services ...
techtimes6mon

From OAuth to JWT: Nikhil Chandrashekar's Comprehensive Guide to Secure ...

In essence, OAuth defines four main roles. Resource owner, client, authorization server, and resource server. Each of them interacts to enable secure data sharing. Nikhil explains, "OAuth is built ...