News

ShinyHunters compromised Google, Qantas & dozens more using OAuth device flow attacks—bypassing MFA without exploiting a single software bug. My deep-dive analysis reveals how they did it and what ...
SSOJet delivers far more than "just SSO": we give your team the visibility, control, and security intelligence needed to defeat device flow phishing and build a future-proof identity management ...
Google reveals UNC6395 exploited Drift OAuth tokens Aug 8–18, 2025, forcing Salesforce to disable integrations ...
This is it in a nutshell, and OAuth is far from impenetrable. Here is a how-to guide for exploiting the vulnerabilities in OAuth authentication.
The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service ...
Before OAuth, the default authentication model for native applications was the so-called ‘password anti-pattern’ in which the native application would ask the user to provide their password for the ...
PayPal engineers have removed a "magic word" that would have allowed an attacker to obtain OAuth secret tokens for -- any -- PayPal application and access customer details.
Specific standards efforts are being integrated with other standards' work in the authentication space, most notably protocols built on the Internet Engineering Task Force (IETF) standard OAuth ...
Twitter officially disabled Basic authentication this week, the final step in the company's transition to mandatory OAuth authentication. Sadly, Twitter's extremely poor implementation of the ...
In addition to OAuth 2 authentication, Nginx's update also adds fully supported implementation of HTTP/2, with Nginx previously assisting open-source developers to work on their implementation.