OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

In MCP, every request comes from a nonhuman identity: an agent, server or tool. These identities don't act under direct human oversight. They generate requests dynamically, chain operations and carry ...

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ...

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...

Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads.

An OAuth feature is being abused in the wild to drop malware to people's computers.

A silent 2025 SaaS breach shows how dormant tokens enable access and authorization drift in AI systems, pushing durable, short-lived credentials with real-time checks.

The paper outlines a proposed project aimed at adapting modern IAM frameworks to a new class of digital actors that operate across enterprise networks.

AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance ...

Legal language change aims to make longstanding policy clear Anthropic this week revised its legal terms to clarify its policy forbidding the use of third-party harnesses with Claude subscriptions, as ...