Azure can yield very powerful tokens while Google limits scopes, reducing the blast radius. Register for Huntress Labs' Live Hack to see live Microsoft 365 attack demos, explore defensive tactics, and ...
Apps that wish to implement SMART on FHIR need to invest in dedicated and ongoing expertise in complex standards like OAuth and OpenID Connect, implement user consent management, and securely manage ...
Tl;dr: If you manage even one Microsoft 365 tenant, it’s time to audit your OAuth apps. Statistically speaking, there’s a strong chance a malicious app is lurking in your environment. Seriously, go ...
New guidance aimed at agent developers, architects, standards bodies and enterprises throws doubt on security standards around simple AI agent scenarios, claiming AI agents cannot work independently, ...
The August 2025 Salesloft Drift breach demonstrates a systemic security blind spot across all industries: third-party delegated access through OAuth integrations. Over 700 organizations — including ...
Three standards for real-time digital identity security event sharing are now Final Specifications, after their approval by the OpenID Foundation. OpenID’s Shared Signals Framework 1.0, Continuous ...
Google Threat Intelligence Group (GTIG) warns that attackers are stealing OAuth tokens via Salesloft Drift integrations in a massive Salesforce data theft. Alphabet’s GTIG and Mandiant attributed the ...
Hackers accessed customer contact information and case data from Salesforce instances at Cloudflare, Palo Alto Networks, and Zscaler. Cybersecurity firms Cloudflare, Palo Alto Networks, and Zscaler on ...
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many ...
Google is advising users of the Salesloft Drift AI chat agent to consider all security tokens connected to the platform compromised following the discovery that unknown attackers used some of the ...