Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs' Live Hack to learn about attack techniques, defensive ...

Cybercriminals, including state-sponsored threat actors, are increasingly abusing Microsoft’s OAuth 2.0 device code authentication flow to take over Microsoft 365 accounts.

Learn everything about access tokens: their structure, how they work in SSO and CIAM, and critical security measures to protect them from threats.

With no shortage of cybersecurity risks in state and local government, state CIOs expect enterprise identity and access management solution adoption or expansion to be the cybersecurity initiative ...

Cybercriminals have launched a widespread phishing campaign exploiting Microsoft's OAuth device code flow to bypass MFA and ...

GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is ...

Update, Feb. 26, 2025: This story, originally published Feb. 23, now includes additional commentary regarding the potential security implications of the decision to deprecate SMS from the Gmail ...

Multi-factor authentication requires users to present two or more pieces of evidence to prove their identity, such as a password and a one-time code sent to an ...

Today’s credential-based attacks are much more sophisticated. Whether it’s advanced phishing techniques, credential stuffing, or even credentials compromised through social engineering or breaches of ...

2FA, or two-factor authentication, is a type of MFA (multi-factor authentication) that uses two factors to verify your identity at the time of login. While one of these factors is almost always the ...