ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
The Silicon Review

n8n Supply Chain Attack Steals OAuth Tokens Via Nodes

A supply chain attack on n8n injected malicious community nodes to steal user OAuth tokens, highlighting critical risks in open-source automation and third-party integrations The Silicon Review.

Descope Unveils Agentic Identity Hub 2.0, the Most Comprehensive Identity Platform for AI Agents and MCP Servers

Organizations can now use Descope as a dedicated auth and access control layer for AI agents and MCP servers with ephemeral ...

Obsidian Security targets rising tide of SaaS integration threats

Obsidian pointed to last summer’s breach of Salesloft Inc.’s cloud sales platform as one of the largest and most recent ...
SD Times

The importance of OAuth 2.0

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
CNET

OAuth 2.0 leader resigns, says standard is 'bad'

The standard grew too far away from its roots as a simple Web authentication technology, author Eran Hammer-Lahav says, and now is insecure and overly broad. Stephen Shankland worked at CNET from 1998 ...
Threat Post

Microsoft Warns on OAuth Attacks Against Cloud App Users

Application-based attacks that use the passwordless “log in with…” feature common to cloud services are on the rise. Against the backdrop of widespread remote working and the increased use of ...
Security Boulevard

OAuth Scopes & Consent: Complete Guide to Secure API Authorization

Learn how to design secure OAuth scopes and consent flows for enterprise applications. A complete guide for CTOs on API ...
Security Boulevard

Clawdbot-Style Agentic Assistants: What Your SOC Should Monitor, Triage, and Contain

What SOC teams need to monitor, triage, and contain when clawdbot-like agentic AI assistants. Includes detection signals, triage questions, and a containment playbook. The post Clawdbot-Style Agentic ...