OAuth stories

Criminals are using Kubernetes and cloud-native tools to rapidly scale phishing-as-a-service, targeting Gmail, Facebook and Microsoft O365.

Proofpoint flags a sharp rise in Microsoft 365 account takeovers via device code phishing, hitting firms from finance to government.

Cyber attacks on SaaS platforms are soaring, pushing boards to make AI‑driven security a core strategy as misconfigurations fuel mass breaches.

CData's Connect AI now enables Microsoft Copilot Studio agents to access and act on live data from 350+ enterprise systems, boosting AI-driven business insights.

Proofpoint reveals how weaponised OAuth apps enable hackers to maintain cloud access despite password resets and MFA, threatening persistent account takeover.

Google Workspace’s native tools struggle to manage unapproved SaaS apps, exposing firms to data risks amid rising shadow IT use.

Barracuda warns of a surge in advanced OAuth phishing attacks exploiting Microsoft 365 and other platforms to steal access tokens and bypass multifactor authentication.

Delinea has launched its open-source MCP Server, enabling secure, policy-driven access for AI agents to manage credentials and workflows efficiently.

SquareX launches two open-source toolkits to help security teams simulate and defend against browser-based attacks that evade traditional enterprise defences.

Norway mandates FAPI 2.0 security protocol across its national healthcare network to enhance protection of patient data with banking-level safeguards.

Okta has launched Cross App Access to enhance enterprise AI security by giving IT teams central control and visibility over AI agent interactions with apps.

Outpost24 reveals seven common OAuth risks and offers best practices to help organisations prevent unauthorised access and data breaches through better token security.

Over 80,000 Microsoft Entra ID accounts have been targeted in the UNK_SneakyStrike takeover campaign exploiting the TeamFiltration penetration testing tool.

Harness unveils IDP 2.0, enhancing developer speed and security with granular RBAC, real-time Git sync, and enterprise-scale usability.

Pax8 launches new AI initiatives, including a research report, learning programme, marketplace upgrades, and rewards to accelerate MSP growth in SMB transformation.

Cloudflare partners with Anthropic to enable secure, real-time AI integrations with SaaS giants like Atlassian, Stripe, and PayPal using its new MCP toolkit.

A recent report by Proofpoint reveals that 78% of Microsoft 365 users faced account takeovers, with attackers adeptly using HTTP client tools like Axios.

The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.

Phishing techniques are evolving, targeting cloud-based services like Gmail, deceiving users into granting API access and exposing sensitive data.

Symantec reveals up to 100k Facebook apps could be leaking user data, with millions of accounts potentially compromised.