ZDNet

Microsoft warning: These phishing attackers used fake OAuth apps to steal email

Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access ...
Threat Post

Twitter OAuth API Keys Leaked

The OAuth keys and secrets that official Twitter applications use to access users’ Twitter accounts have been leaked in a post to Github this morning. The OAuth keys and secrets that official Twitter ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Hosted on MSN

Hackers are exploiting OAuth loophole for persistent access - and resetting your password won't save you

Researchers have observed attackers weaponizing OAuth apps Attackers gain access that persists even through password changes and MFA This isn't just a proof of concept - it's been observed in the wild ...
InfoWorld

OAuth 2.0: The protocol at the center of the universe

I am writing this article on the iPad Mini using the Editorial app. This app is connected to my Dropbox account and automatically synchronizes my work. When I come home I can continue editing on my ...
The Next Web

Twitter OAuth Support Now In Public Beta

It’s been a long time coming, but finally Twitter has released OAuth support to Twitter developers worldwide. Alex Payne, Twitter’s API lead just announced the news via, you guessed it, Twitter. A few ...