Bleeping Computer

Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. The attacks target government and public-sector ...
The Hacker News

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The ...
Windows Report

Microsoft Warns of New OAuth Phishing Technique Abusing Trusted Login Redirects

Researchers from Microsoft Defender have uncovered phishing campaigns that misuse OAuth’s built-in redirection behavior to deliver malware and redirect victims to malicious websites. Importantly, the ...
winbuzzer.com

Anthropic Bans Claude Subscription OAuth in Third-Party Apps

Developers using third-party AI tools tied to Claude subscription credentials face immediate disruption in the week of February 19, 2026. Anthropic says OAuth tokens from Free, Pro, and Max plans are ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
ZDNet

The coming AI agent crisis: Why Okta's new security standard is a must-have for your business

IT managers have limited visibility into when users give external apps access to company data. When those external apps are AI agents, the security risks multiply by orders of magnitude. Okta has ...
GitHub

Extract OAuth flow logic into reusable components for proxy use cases

Refactor OAuth implementation so the flow logic and state machine are usable by server-side proxy services, not just client-side browser flows. The SDK's OAuth implementation is designed for local ...
The Hacker News

Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform. "Our investigation indicates this activity may have enabled unauthorized ...
GitHub

MCP Toolset OAuth2 User Interaction Flow Defects

The current Google ADK Python implementation has critical defects in the MCP (Model Context Protocol) Toolset OAuth2 authentication flow that prevent proper user interaction during the authentication ...
Dark Reading

OAuth Abuse: The Threat of Illicit Consent Grants

Picture this: You invite a new friend over with the expectation of enjoying some time together and getting to know them better. But, instead of sitting quietly on your sofa, they rush off and start ...
Cloud Security Alliance

The Salesloft Drift OAuth Supply-Chain Attack: Cross-Industry Lessons in Third-Party Access Visibility

The August 2025 Salesloft Drift breach demonstrates a systemic security blind spot across all industries: third-party delegated access through OAuth integrations. Over 700 organizations — including ...
Game Rant

These Tutorials Are So Long, They Hurt Their Games

Ritwik is a passionate gamer who has a soft spot for JRPGs. He's been writing about all things gaming for six years and counting. No matter how great a title's gameplay may be, there's always the ...