WinBuzzer

Microsoft 365 Phishing Surge: Attackers Weaponize Legitimate Device Code Flow to Bypass MFA

Cybercriminals have launched a widespread phishing campaign exploiting Microsoft's OAuth device code flow to bypass MFA and ...
Security Boulevard

What are Access Tokens? Complete Guide to Access Token Structure, Usage & Security

Learn everything about access tokens: their structure, how they work in SSO and CIAM, and critical security measures to protect them from threats.
Redmond Magazine

Widespread Entra ID Account Takeover Campaign Detected Using Open Source Tool

Security researchers at Calif.-based Proofpoint have uncovered a large-scale account takeover campaign aimed at Microsoft Entra ID environments. The attackers are using TeamFiltration, an open source ...
CSOonline

What the Salesloft Drift breaches reveal about 4th-party risk

Turns out your biggest breach risk might come from a vendor’s acquisition — and an old OAuth token you didn’t even know existed. The recent SalesLoft Drift breaches revealed an uncomfortable truth ...