Security Boulevard

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential ...

OAuth Device Code Phishing: Azure vs. Google Compared

Azure can yield very powerful tokens while Google limits scopes, reducing the blast radius. Register for Huntress Labs' Live Hack to see live Microsoft 365 attack demos, explore defensive tactics, and ...

Experts warn Microsoft Copilot Studio agents are being hijacked to steal OAuth tokens

Security researchers from Datadog Security Labs are warning about a new phishing technique weaponizing Microsoft Copilot Studio agents to steal OAuth tokens and grants attackers access to sensitive ...
Dark Reading

Azure OAuth 2.0 Vulnerability Grabs Tokens

Omer Tsarfati and his team at security firm CyberArk are now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services which they have been sitting on since ...

ENow Launches App Governance Accelerator 3.1 with Unified App View and Intelligent Workflow Automation for Microsoft Entra ID

ENow launches App Governance Accelerator 3.1 with Unified App View and intelligent automation to simplify Entra ID application governance.
CSOonline

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...