A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts ...

Attackers are increasingly using malicious OAuth 2.0 applications to siphon data and access sensitive information from a wide variety of cloud platforms, and mitigating the risks is proving ...

Launching a Linear OAuth app revealed a trust gap—here's what the data shows, and how Linear can solve it with a safer, more extensible app ecosystem.

Google today unveiled a new G Suite security feature to improve data access controls and enhance phishing prevention: OAuth apps whitelisting. The feature is designed to help companies control how ...

Threat actors are increasingly including malicious OAuth apps in their campaigns to break into cloud-based systems and applications. To address this growing problem, Microsoft is adding automated ...

Google announced Monday that it has embraced OAuth for Google Apps, replacing a less secure system for developers. "Until today, Google Apps administrators had to sign requests for calls to Google ...

A phishing campaign has been discovered that doesn't target a recipient's username and password, but rather uses the novel approach of gaining access to a recipient's Office 365 account and its data ...

The Russian hacking group blamed for targeting U.S. and European elections has been breaking into email accounts, not only by tricking victims into giving up passwords, but by stealing access tokens ...

With attackers exploiting trust in apps, integrations and users to gain access that looks legitimate, organizations must rethink their approach beyond traditional tools.