CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...
Dark Reading

When Good Tokens Go Bad

Tokens are an identity's crown jewel for digital authentication and authorization. Whether they are human or machine, and instantiated as API tokens, OAuth credentials, session tokens, or ephemeral ...
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
CSOonline

OAuth token compromise hits Salesforce ecosystem again, Gainsight impacted

Attackers leveraged stolen secrets to hijack integrations and access customer data, highlighting the need for enterprises to audit connected apps and enforce token hygiene. Salesforce has disclosed ...
heise online

No Chance for Token Theft: The Backend-for-Frontend Pattern

The Backend-for-Frontend pattern addresses security issues in Single-Page Applications by moving token management back to the server. Martina Kraus has been involved in web development since her early ...
The Droid Guy

Anthropic Bans OAuth Tokens from Consumer Plans in Third-Party Tools

Anthropic has officially banned users from extracting OAuth tokens from their Claude consumer subscriptions (Free, Pro, and Max plans) to use in third-party tools and applications. The move, which the ...