Find hidden malicious OAuth apps in Microsoft 365 using Cazadora

Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs' Cazadora script helps uncover rogue apps before ...

New CoPhish attack steals OAuth tokens via Copilot Studio agents

A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent ...

Experts warn Microsoft Copilot Studio agents are being hijacked to steal OAuth tokens

Security researchers from Datadog Security Labs are warning about a new phishing technique weaponizing Microsoft Copilot ...
CSO Online

Salesforce’s glaring Dreamforce omission: Vital security lessons from Salesloft Drift

Salesforce failed to address the massive wave of OAuth breaches at its Dreamforce conference, but securing third-party ...

Hackers are exploiting OAuth loophole for persistent access - and resetting your password won't save you

Cybercriminals have increasingly used cloud account takeover (ATO) tactics in recent years - as it allows them to hijack ...
Security Boulevard

SMART on FHIR Explained: Use Cases & Implementation Tips

Apps that wish to implement SMART on FHIR need to invest in dedicated and ongoing expertise in complex standards like OAuth and OpenID Connect, implement user consent management, and securely manage ...

Why the x402 protocol didn’t fade after the PING hype, and what’s driving the second wave

How x402 enables USDC pay-per-use, why adoption outlived PING, how Coinbase and Cloudflare are standardizing it and how to ...

The Shift To Agentic Finance Has Serious Implications For Banks

Fintech is going to be shaped by what customers do with AI and the evolution of agentic finance will lead to a very different ...

CoPhish Attack Exploits Copilot Studio Agents to Steal Microsoft OAuth Tokens

A newly identified phishing technique known as “CoPhish” exploits Microsoft Copilot Studio agents to deliver deceptive OAuth ...
Security Boulevard

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential ...