OAuth Device Code Phishing: Azure vs. Google Compared

Azure can yield very powerful tokens while Google limits scopes, reducing the blast radius. Register for Huntress Labs' Live Hack to see live Microsoft 365 attack demos, explore defensive tactics, and ...
SiliconANGLE

Potential OAuth lapses could have led to significant data breaches, warns Salt Labs

A new report released today by application programming interface security startup Salt Security Inc. warns of significant vulnerabilities in several major online platforms’ social sign-in and Open ...
Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...
Ars Technica

OAuth and OAuth WRAP: defeating the password anti-pattern

The developers behind the OAuth protocol have developed a new variant called OAuth WRAP that is simpler and easier to implement. It’s a stop-gap solution that will enable broader OAuth adoption while ...
Morningstar

BitMart Launches Fast API with OAuth2.0 Integration — Powering the Next Generation of Global Brokers

BitMart, a premier global digital asset trading platform, is proud to announce the launch of its Fast API integration, now fully supporting the OAuth2.0 authorization protocol. This major technical ...
Hosted on MSN

How Linear Can Build a Safer OAuth App Ecosystem (Lessons from Launching Linear Top Issue)

What would it take for users to trust OAuth apps with their Linear workspace? After launching Linear Top Issue, I learned the hard way and here's how Linear can solve it. Earlier this month, I ...
CSOonline

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...