Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
GitHub

Oauth U2M Azure regression/breaking change in 1.10

After upgrading from dbt-databricks 1.9.7 to 1.10.1 the Oauth configuration for Azure that is set up following this guide no longer seem to work with Databricks returning with the error: ...
GitHub

Azure OAuth CSRF State Not Equal Error

When I try to use Azure OAuth to log into my Airflow application, instead of logging me in I am sent back to the login page with a CSRF state mismatch error. I am ...
Bleeping Computer

Microsoft disables verified partner accounts used for OAuth phishing

Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations' cloud environments to steal email. In a ...
Cloud Security Alliance

The Salesloft Drift OAuth Supply-Chain Attack: Cross-Industry Lessons in Third-Party Access Visibility

Salesloft breach shows how OAuth tokens abused by trusted apps enable data exposure, underscoring the need for Zero Trust and ...
ZDNet

Microsoft warns about this phishing attack that wants to read your emails

Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.