Security Boulevard

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload ...
Security Boulevard

Is All OAuth The Same For MCP?

Is the "S" in MCP missing? Explore the current state of Model Context Protocol security, from stdio vs. HTTP transport risks ...
CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...
Ars Technica

OAuth and OAuth WRAP: defeating the password anti-pattern

The developers behind the OAuth protocol have developed a new variant called OAuth WRAP that is simpler and easier to implement. It’s a stop-gap solution that will enable broader OAuth adoption while ...
Bleeping Computer

OAuth risks: How to identify, investigate, and mitigate them

We’re now all too familiar with the ubiquitous “Sign in with Google” button we encounter all over the internet. For most of us, it has become the go-to “easy button” for managing the sprawling set of ...
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...
Bleeping Computer

Microsoft warns of increasing OAuth Office 365 phishing attacks

Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. These attacks were part of ...