In today's security landscape, some of the most dangerous vulnerabilities aren't flagged by automated scanners at all. These ...

Choosing between SAML, OIDC, and OAuth 2.0? Explore 12 critical differences to help your B2B engineering team select the right authentication protocol today.

Canada Post announced Thursday that it’s starting preliminary work to convert addresses that receive door-to-door mail to community mailboxes. Over four million addresses still receive door-to-door ...

Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the device code authentication flow to compromise organizational accounts at scale. While traditional device ...

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. In this type of attack, the threat actor sends a ...

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...

Hackers are hijacking Microsoft enterprise accounts by abusing a legitimate device-code authentication feature, tricking victims into entering attacker-generated codes on Microsoft’s own login portal.

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...