#oauth

[ follow ]
#cybersecurity #security #authentication #ai-agents #iam #agents #runtime-enforcement #phishing #microsoft-365
Information security
fromThe Hacker News
1 day ago

The Back Door Attackers Know About - and Most Security Teams Still Haven't Closed

OAuth tokens persist without expiration, creating significant security risks that many organizations fail to monitor effectively.
#iam
Information security
fromComputerworld
3 weeks ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromInfoWorld
3 weeks ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromComputerworld
3 weeks ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromInfoWorld
3 weeks ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
more#iam
Information security
fromTechRepublic
1 month ago

Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries

A sophisticated phishing campaign exploiting Microsoft 365 accounts has affected over 340 organizations across five countries using a legitimate OAuth feature.
#cybersecurity
Information security
fromThe Hacker News
1 month ago

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

An active device code phishing campaign targets Microsoft 365 identities across over 340 organizations in multiple countries, utilizing various deceptive techniques.
Information security
fromThe Hacker News
1 month ago

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

An active device code phishing campaign targets Microsoft 365 identities across over 340 organizations in multiple countries, utilizing various deceptive techniques.
more#cybersecurity
Information security
fromTechzine Global
2 months ago

Okta tackles shadow AI with new agent discovery tools

Agent Discovery provides visibility into unauthorized AI agents by detecting OAuth connections and mapping unsanctioned AI tool access and permissions to corporate apps.
#ai-agents
fromZDNET
4 months ago
Privacy professionals

The coming AI agent crisis: Why Okta's new security standard is a must-have for your business

fromZDNET
4 months ago
Privacy professionals

The coming AI agent crisis: Why Okta's new security standard is a must-have for your business

more#ai-agents
Information security
fromThe Hacker News
6 months ago

SaaS Breaches Start with Tokens - What Security Teams Must Watch

Stolen OAuth and API tokens enable attackers to bypass MFA and access SaaS systems, making token hygiene and rotation critical to prevent breaches.
fromRaymondcamden
7 months ago

ColdFusion (2025)'s CFOAUTH Tag

The tag did a good job of handling creating the right oauth link for you. So you could (after setting stuff up with your provider of course) drop the tag on a page, and when the user hit it, they would be prompted to login with the third party provider. When returned, the tag would handle getting the access token and such and giving you a nice little structure of data for you to use.
Software development
Privacy professionals
fromIT Pro
11 months ago

A flaw in OneDrive's File Picker feature could give access to hundreds of apps

A security flaw in OneDrive's File Picker exposes user content to third-party apps, risking data leakage.
Ruby on Rails
fromRubyflow
11 months ago

Sign in with Apple for Rails apps

OAuth reduces account creation friction; implementing Sign in with Apple is crucial for app compliance and user experience.
DevOps
fromAzure DevOps Blog
1 year ago

Spring Cleaning: A CTA for Azure DevOps OAuth Apps with expired or long-living secrets - Azure DevOps Blog

Azure DevOps OAuth apps will be phased out by 2026, urging migration to Microsoft Identity platform.
App owners are encouraged to implement secret rotation for improved security.
[ Load more ]