Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads.

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Microsoft uncovers OAuth phishing campaigns that abuse login redirects to deliver malware and steal credentials.

OpenClaw runs locally, but the risk lives in SaaS. Learn how OAuth tokens, API access, and AI agents create identity-based exposure across platforms.

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...

The traditional "identity first" approach is struggling because it treats access as a binary state—either you’re in or you’re out.

As organisations accelerate digital onboarding and automated compliance processes, the security and reliability of verification APIs are coming under increased scrutiny. For development teams, the ...

Userful, the leading software-defined platform for enterprise-wide operational awareness and response, today announced ...

The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing ...

A fake company bought a valid EV certificate, signed malware, and helped criminals keep remote access to enterprise PCs.