Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Dark Reading

Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands

Organizations that have implemented the "Log in with Microsoft" feature in their Microsoft Azure Active Directory environments could potentially be vulnerable to an authentication bypass that opens ...
Security Boulevard

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential ...
Bleeping Computer

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. The adversary ...