Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Security Boulevard

SPIFFE vs. OAuth: Access Control for Nonhuman Identities

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on ...
The Droid Guy

Anthropic Bans OAuth Tokens from Consumer Plans in Third-Party Tools

According to Anthropic’s updated Consumer Terms of Service, using OAuth tokens obtained through Claude Free, Pro, or Max accounts in any other product, tool, or service — including the Agent SDK — is ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
TechRepublic

Getting ready for the end of Basic Authentication in Exchange Web Services

Getting ready for the end of Basic Authentication in Exchange Web Services Your email has been sent https://assets.techrepublic.com/uploads/2019/11/20191105-Ignite ...