The Hacker News

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The ...
PC World

What’s behind the OpenClaw ban wave

PCWorld reports that Anthropic and Google are banning users who connect flat-rate Claude or Gemini accounts to OpenClaw due to excessive AI token consumption. Google DeepMind cites “malicious usage” ...
winbuzzer.com

Anthropic Bans Claude Subscription OAuth in Third-Party Apps

Developers using third-party AI tools tied to Claude subscription credentials face immediate disruption in the week of February 19, 2026. Anthropic says OAuth tokens from Free, Pro, and Max plans are ...
gadgets360

Microsoft 365 Accounts Reportedly Breached After Hackers Exploit Legitimate Microsoft OAuth Feature

Attackers trick users into approving access on real Microsoft pages OAuth device code phishing surged sharply since September 2025 Both cybercriminals and state-linked actors reportedly use this ...
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
Bleeping Computer

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device code on ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
ZDNet

The coming AI agent crisis: Why Okta's new security standard is a must-have for your business

IT managers have limited visibility into when users give external apps access to company data. When those external apps are AI agents, the security risks multiply by orders of magnitude. Okta has ...
HealthTech

Why Healthcare Organizations Need an IRE for Epic

Mitigating and minimizing downtime is crucial for healthcare organizations because patient outcomes are on the line. With the cybersecurity landscape becoming increasingly perilous for health systems, ...
CSOonline

OAuth token compromise hits Salesforce ecosystem again, Gainsight impacted

Attackers leveraged stolen secrets to hijack integrations and access customer data, highlighting the need for enterprises to audit connected apps and enforce token hygiene. Salesforce has disclosed ...
Bleeping Computer

New CoPhish attack steals OAuth tokens via Copilot Studio agents

A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. The technique was ...