Security researchers at Salt Security Inc. today released new threat research that highlights critical security flaws found on the website of popular hotel booking service Booking Holdings Inc. The ...

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...

Earlier this week, we reported on a number of new security enhancements that we expect Gmail to launch in the next few days, including oAuth support. It looks like we were right: a small startup ...

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...

Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft's legitimate OAuth 2.0 device authorization grant flow to trick ...

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover. Third-party applications that allow single sign-on via Facebook ...

The surge in attempts to compromise Microsoft 365 accounts has been enabled by readily available phishing tools.

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...