In December, the Push Security research team discovered and blocked a brand new attack technique that we coined ConsentFix. This technique merged ClickFix-style social engineering with OAuth consent ...
Attackers trick users into approving access on real Microsoft pages. OAuth device code phishing surged sharply since September 2025. Both cybercriminals and state-linked actors reportedly use this ...
Cybercriminals are launching a widespread wave of phishing attacks that bypass Multi-Factor Authentication (MFA) by exploiting a standard Microsoft 365 feature. Security researchers at Proofpoint warn ...
Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
Mitigating and minimizing downtime is crucial for healthcare organizations because patient outcomes are on the line. With the cybersecurity landscape becoming increasingly perilous for health systems, ...
A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. The technique was ...
I ran into a few issues trying to add FastMCP to my existing FastAPI app that is already set up with AWS Cognito authentication. Side note: The AWS Cognito Provider documentation step 6 has ...
fastapi-google-oauth-backend/
├── app/
│   ├── main.py        # Application entry point & startup
│   ├── models.py      # SQLAlchemy database models
│   ├── schemas.py     # Pydantic request/response schemas
│   ├── ...
In August 2025, attackers exploited the Salesloft-Drift OAuth integration to compromise over 700 organizations’ Salesforce instances. This wasn’t a direct vulnerability in Salesforce, but rather an ...
Forbes contributors publish independent expert analyses and insights. I track enterprise software application development & data management. Identity is everywhere. As the United Kingdom now follows ...