News
The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service ...
This malicious campaign demonstrates how long-lived token theft can become the first step in a much broader breach. The post When Salesforce Becomes a De Facto Credential Repository: Lessons from the ...
UPDATE Google says a recent spate of Salesforce-related breaches was caused by attackers stealing OAuth tokens from the third ...
Hackers have stolen large volumes of data from numerous corporate Salesforce instances. They abused compromised access tokens ...
The vulnerability, which exploits Facebook’s OAuth authentication dialog, was detailed by security researcher Nir Goldshlager in a blog post last week.
A weakness in Google's OAuth "Sign in with Google" feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various ...
Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned.
ShinyHunters compromised Google, Qantas & dozens more using OAuth device flow attacks—bypassing MFA without exploiting a single software bug. My deep-dive analysis reveals how they did it and what ...
Starting August 31st, all Twitter applications now require the use of the OAuth ID to be able to access your Twitter account. Advantages of this move are: Applications are no longer allowed to ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback