The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and ...

The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising ...

In recent weeks, major companies like Palo Alto Networks, Zscaler, Cloudflare, and SpyCloud have all confirmed they were ...

Heads turned Wednesday when Twitter turned off its popular new authentication service, which uses the emerging OAuth web standard. The real story soon broke that someone exposed an OAuth security ...

An as-of-yet undiagnosed compromise of the Salesloft Drift AI-driven platform has led to a rash of stolen OAuth tokens, in turn creating downstream breaches at some of the biggest names in the ...

Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance.

Google Threat Intelligence Group has tracked threat actor UNC6395 stealing OAuth tokens via Salesloft Drift integrations in a ...

These innovations will empower organizations to identify and mitigate malicious attempts to exploit OAuth flows, ultimately safeguarding sensitive data and user accounts. PALO ALTO, Calif., April 25, ...

Threat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for ...

The emerging OAuth 2.0 Web API authorization protocol, already deployed by Facebook, Salesforce.com and others, is coming under increased criticism for being too easy to use, and therefore to spoof by ...

Twitter officially disabled Basic authentication this week, the final step in the company's transition to mandatory OAuth authentication. Sadly, Twitter's extremely poor implementation of the OAuth ...