PC World

What’s behind the OpenClaw ban wave

PCWorld reports that Anthropic and Google are banning users who connect flat-rate Claude or Gemini accounts to OpenClaw due to excessive AI token consumption. Google DeepMind cites “malicious usage” ...
Bleeping Computer

ConsentFix debrief: Insights from the new OAuth phishing attack

In December, the Push Security research team discovered and blocked a brand new attack technique that we coined ConsentFix. This technique merged ClickFix-style social engineering with OAuth consent ...
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
ZDNet

The coming AI agent crisis: Why Okta's new security standard is a must-have for your business

IT managers have limited visibility into when users give external apps access to company data. When those external apps are AI agents, the security risks multiply by orders of magnitude. Okta has ...
InfoQ

InfoQ Java Trends Report 2025

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Andres Almiray, a serial open-source ...
Cloud Security Alliance

The Salesloft Drift OAuth Supply-Chain Attack: Cross-Industry Lessons in Third-Party Access Visibility

The August 2025 Salesloft Drift breach demonstrates a systemic security blind spot across all industries: third-party delegated access through OAuth integrations. Over 700 organizations — including ...
marktechpost

Understanding OAuth 2.1 for MCP (Model Context Protocol) Servers: Discovery, Authorization, and Access Phases

OAuth 2.1 is the officially mandated authorization standard in the Model Context Protocol (MCP) specifications. According to the official documentation, authorization servers must implement OAuth 2.1 ...
TheServerSide

Critical Java JVM options and parameters

Community driven content discussing all aspects of software development from DevOps to design patterns. To use any of these JVM options, simply append them as text after the java runtime command. For ...
CSOonline

Cybercrooks faked Microsoft OAuth apps for MFA phishing

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...
Infosecurity-magazine.com

Russian Threat Actors Target NGOs with New OAuth Phishing Tactics

A new wave of targeted phishing attacks exploiting Microsoft 365’s OAuth workflows has been uncovered by cybersecurity experts. These campaigns, observed by Volexity since March 2025, involve ...