OAuth Device Code Phishing: Azure vs. Google Compared

Azure can yield very powerful tokens while Google limits scopes, reducing the blast radius. Register for Huntress Labs' Live ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Security Boulevard

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential ...

Find hidden malicious OAuth apps in Microsoft 365 using Cazadora

Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs' Cazadora script helps uncover rogue apps before ...
Ars Technica

What is device code phishing, and why are Russian spies so successful at it?

Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets, researchers ...
Redmond Magazine

Exchange Hybrid Modern Authentication Available for Use with Android and iOS Outlook Clients

Microsoft now enables the use of its Outlook e-mail client applications for Android or iOS devices with some Exchange Server products in so-called "hybrid modern authentication" scenarios, according ...

Microsoft deploys a fix to Azure cloud service that’s hit with outage

Microsoft says users of its Azure cloud portal may be not be able to access Office 365, Minecraft or other services due to ...