ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA ...
Attackers behind a password-spraying campaign targeting Microsoft Office 365 accounts have amassed dozens of victims by abusing a deprecated feature in OAuth 2.0 to ...
Threat actors have made over 81 million login attempts in a massive password spray campaign targeting Azure CLI.
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, ...
The FBI has issued a fresh warning about a growing cybercrime service known as Kali365, a new Phishing-as-a-Service (PhaaS) platform that enables attackers to hijack Microsoft 365 accounts without ...
In a near replica of a separate campaign this summer, hackers connected to the ShinyHunters extortion operation have once again breached many organizations' Salesforce instances via a third-party ...
Ever stared at a “Sign in with Google” button and wondered about the magic happening behind the scenes? Or perhaps you’re building a fantastic new application, and you need it to securely talk to ...
Modern SSO protocols allow users to authenticate with one identity provider and gain access to multiple services. The most common standards are: Despite their widespread adoption, each of these has ...