ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
Security Boulevard

Understanding Implicit Identity Authentication Methods

A deep dive into implicit identity authentication methods for software development, covering oauth 2.0 flows, security risks, and modern alternatives for single-page applications.
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...