Consider two real-world credential leaks. They looked similar on the surface but behaved nothing alike once a credential leaks. In one incident, a single leaked API key exposed Toyota’s T-Connect ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

Attackers leveraged stolen secrets to hijack integrations and access customer data, highlighting the need for enterprises to audit connected apps and enforce token hygiene. Salesforce has disclosed ...

In this tutorial, we’ll explore how to implement OAuth 2.1 for MCP servers step by step. To keep things practical, we’ll build a simple finance sentiment analysis server and secure it using Scalekit, ...

Microsoft is betting big on AI. Starting with integrating Bing with ChatGPT, it has implemented AI capabilities in its products. Microsoft Designer is a new product from Microsoft with AI capabilities ...

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...

A new wave of targeted phishing attacks exploiting Microsoft 365’s OAuth workflows has been uncovered by cybersecurity experts. These campaigns, observed by Volexity since March 2025, involve ...

Imagine this: you’re in the middle of an important project, juggling deadlines, and collaborating with a team scattered across time zones. Suddenly, your computer crashes, and hours of work vanish in ...

A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method. In one wave of recent attacks, threat actors ...