Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Security Boulevard

SAML vs OIDC vs OAuth 2.0: 12 Differences Every B2B Engineering Team Should Know

Choosing between SAML, OIDC, and OAuth 2.0? Explore 12 critical differences to help your B2B engineering team select the right authentication protocol today.
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Dark Reading

OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps

A vulnerability in the implementation of the Open Authorization (OAuth) standard that websites and applications use to connect to Facebook, Google, Apple, Twitter, and more could allow attackers to ...
CSOonline

Salt Security adds defense against OAuth attacks

Salt Security has added a new OAuth security offering to its API protection platform to help organizations detect attempts to exploit OAuth and fix vulnerabilities associated with the protocol. OAuth ...
Threat Post

PayPal Fixes OAuth Token Leaking Vulnerability

PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. PayPal fixed an issue that could have allowed an attacker to hijack OAuth ...