OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Learn the security risks in SaaS supply chains and about ShinyHunters’ evolving extortion tactics behind the alleged Woflow breach. The post ShinyHunters Claims Woflow Breach: What It Means for SaaS ...

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...

Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads.

Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy. Learn more Last week, GitHub Security researchers ...

Heads turned Wednesday when Twitter turned off its popular new authentication service, which uses the emerging OAuth web standard. The real story soon broke that someone exposed an OAuth security ...

We’ve talked a few times here about the issues with the CVSS system. We’ve seen CVE farming, where a moderate issue, or even a non-issue, gets assigned a ridiculously high CVSS score. There are times ...

Another day, another major internet security flaw (step aside, Heartbleed). A bug has been found in OpenID and OAuth 2.0, two authentication programs that let you log into web sites using your Google, ...

The emerging OAuth 2.0 Web API authorization protocol, already deployed by Facebook, Salesforce.com and others, is coming under increased criticism for being too easy to use, and therefore to spoof by ...

Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth ...