Proofpoint has warned about phishing campaigns abusing legitimate device authorization flow to bypass MFA and gain persistent ...

FreePBX patched 2025 flaws allowing SQL injection, file upload attacks, and an auth bypass only when webserver AUTHTYPE was ...

Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft's legitimate OAuth 2.0 device authorization grant flow to trick ...

Explore the differences between passkeys and biometrics in authentication. Understand their functionalities, security, and how they enhance software development.

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code ...

A Russia-aligned threat group uses Microsoft 365 device code phishing to steal credentials and take over accounts, tracked ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat ...

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...

Hackers thought to be aligned with China and Russia are suspected to be behind a wave of account takeover attacks targeting Microsoft 365 users.

MITRE has released its Top 25 CWE list for 2025, compiled from software and hardware flaws behind almost 40,000 CVEs ...

Learn the 8 essential types of testing desktop applications need, from functional and performance testing to security, ...