Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...

Step-by-step guide to setting up two-factor authentication on Google, Apple, Microsoft, and social platforms for stronger account security.

The 11-year-old vulnerability likely impacts many devices that are no longer supported — and presents easy exploit even for those that are. Computers with Telnet open are in immediate danger of being ...

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...

Since September 2025, a suspected Russia-aligned group known as UNK_AcademicFlare has executed a phishing campaign targeting Microsoft 365 credentials. The campaign mainly impacts entities in ...

Macworld reports that leaked internal code reveals Apple’s mystery smart home accessory codenamed ‘J229’, expected to launch in spring 2026. The device appears to be a security camera with multiple ...

Google Wallet’s “private passes” — government IDs, health insurance cards, et cetera — don’t currently sync between devices. Code found in Google Play services indicates that may be changing. It’s ...

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...

What if your AI assistant could remember everything you’ve ever shared with it, without ever feeling invasive or overwhelming? That’s exactly what Anthropic has achieved with its new Claude memory ...