CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

Top 5 Best Customer Identity and Access Management (CIAM) Solutions in 2026

Compare the top 5 customer identity and access management (CIAM) platforms in 2026 to find the right fit for your product's ...
IEEE

Secure and Scalable Academic Result Management Using Hybrid OAuth 2.0 and JWT Authentication

Abstract: - The paper presents CloudRMS a Cloud-Native Result Management System that will allow the modernization and secure processing of academic results in education institutions. The common issues ...
The Droid Guy

Anthropic Bans OAuth Tokens from Consumer Plans in Third-Party Tools

Anthropic has officially banned users from extracting OAuth tokens from their Claude consumer subscriptions (Free, Pro, and Max plans) to use in third-party tools and applications. The move, which the ...
CSOonline

OAuth phishers make ‘check where the link points’ advice ineffective

Microsoft has warned that phishers are exploiting a built-in behavior of the OAuth authentication protocol to redirect victims to malware, using links that point to legitimate identity provider ...
The Hacker News

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The ...
The Hacker News

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It's advertised ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and ...
PC World

What’s behind the OpenClaw ban wave

PCWorld reports that Anthropic and Google are banning users who connect flat-rate Claude and Gemini accounts to OpenClaw without warning or refunds. OpenClaw’s massive token consumption degrades ...
GitHub

GitHub - stackql-registry/stackql-provider-databricks: StackQL Provider for Databricks built from the Databricks SDK for Python (Beta)

The Databricks SDK for Python picks up an OAuth token in the scope of the Google Default Application Credentials (DAC) flow. This means that if you have run gcloud auth application-default login on ...
GitHub

Orthanc DICOMweb OAuth Plugin

Enables Orthanc to transparently connect to OAuth2-protected DICOMweb servers through the standard UI. Automatically handles token acquisition, caching, and refresh for any OAuth2/OIDC provider—users ...