Hackers used a backdoor through a little-known third-party app to steal LastPass customer data.
An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...
ReliaQuest observed attackers generating OAuth tokens and using Python scripts to query Salesforce's API for extended periods, as data was stolen. Huntress later disclosed that its own Salesforce ...
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The ...
The post 6 OAuth 2.1 Changes That Will Break (and Fix) Your B2B Authentication Stack appeared first on SSOJet – Enterprise SSO & Identity Solutions. OAuth 2.1 isn't a new protocol. It's a cleanup bill ...
Luxury performance outerwear and clothing giant Canada Goose has confirmed a data breach after a prolific threat actor leaked over 600,000 customer records. Toronto-based Canada Goose reported annual ...
Picture this: You invite a new friend over with the expectation of enjoying some time together and getting to know them better. But, instead of sitting quietly on your sofa, they rush off and start ...
Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...
Your browser does not support the audio element. Web application security depends on authentication as its fundamental element. The selection of appropriate ...