WORCESTER – Ashley R. Spring, who was arrested during the Eureka Street incident last year, will not face trial.

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

IT managers have limited visibility into when users give external apps access to company data. When those external apps are AI agents, the security risks multiply by orders of magnitude. Okta has ...

Millions of Americans rely on the Social Security Administration for information on when to claim retirement benefits and for help if their Social Security numbers have been compromised. Three new ...

I’ll be honest–I’m not thrilled that we’ve reached the time of year when going out for a daily run feels like stepping into an icebox. So long–for now–are the days of running in tank tops and shorts ...

This seems to be a bit of a coordination issue between spring security and authentik but I struggled for a few days and finally figured out that oauth/oidc authentication was working fine with other ...

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...

A new Social Security scam has been targeting seniors with emails that falsely claim that their Social Security numbers have been involved in criminal activities. The email goes on to threaten to ...

Over 100 models of Dell laptop PCs across the enterprise-centric Latitude and Precision ranges, and many thousands of individual devices, are at risk of compromise through a series of five common ...

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...

A new wave of targeted phishing attacks exploiting Microsoft 365’s OAuth workflows has been uncovered by cybersecurity experts. These campaigns, observed by Volexity since March 2025, involve ...