Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code ...

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.
Redmond Magazine

Widespread Entra ID Account Takeover Campaign Detected Using Open Source Tool

Security researchers at Calif.-based Proofpoint have uncovered a large-scale account takeover campaign aimed at Microsoft Entra ID environments. The attackers are using TeamFiltration, an open source ...
Security Boulevard

How AI Agents Are Transforming Identity Verification and Authentication Systems

Explore how AI agents enhance identity verification and authentication systems with smarter fraud detection and seamless user security.
VentureBeat

Hackers use stolen OAuth access tokens to breach dozens of organization’s internal systems

Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy. Learn more Last week, GitHub Security researchers ...
Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...
Dark Reading

Azure OAuth 2.0 Vulnerability Grabs Tokens

Omer Tsarfati and his team at security firm CyberArk are now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services which they have been sitting on since ...