ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
JD Supra

Beyond the Perimeter: Securing OAuth Tokens and API Access to Thwart Modern Cyber Attackers

The threat landscape continues to evolve, and cybersecurity professionals must keep pace with threat actors’ changing tactics and objectives. A recent supply attack that reportedly affected hundreds ...
Infosecurity-magazine.com

Attacker Accessed Dozens of Repositories After OAuth Token Theft

GitHub has revealed that dozens of organizations were compromised by a data thief that used stolen OAuth tokens to access their private repositories. The developer platform’s security team opened an ...
Threat Post

OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks

Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more. An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization ...
Security Boulevard

What are Refresh Tokens? Complete Implementation Guide & Security Best Practices

Learn how refresh tokens work in enterprise SSO. This guide covers implementation, rotation, and security best practices for CIAM systems.
Security Boulevard

OAuth Scopes & Consent: Complete Guide to Secure API Authorization

Learn how to design secure OAuth scopes and consent flows for enterprise applications. A complete guide for CTOs on API ...
Outlookindia

Token-Gated Communities: The Future Of Online Access Control

In today's digitally connected world the notion of access has reached new level of complexity. With so many of us working, socializing, and making transactions online, how we govern who comes in and ...