Security Boulevard

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential ...

Experts warn Microsoft Copilot Studio agents are being hijacked to steal OAuth tokens

Security researchers from Datadog Security Labs are warning about a new phishing technique weaponizing Microsoft Copilot ...

Microsoft makes it easier to add iCloud accounts to Outlook

Microsoft is simplifying how users add Apple iCloud accounts to Outlook apps replacing the need for cumbersome app-specific passwords.
ZDNet

Microsoft warning: These phishing attackers used fake OAuth apps to steal email

Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access ...
CSOonline

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...