OAuth stories

A rapid surge in OpenClaw AI assistant use has left tens of thousands of exposed systems and a trail of hijacked tools and malicious add-ons.

AI-driven hackers can now steal data in just 72 minutes, as faster, multi-surface attacks overwhelm complex, over-trusting enterprises.

Okta launches Agent Discovery to uncover and rein in shadow AI agents, mapping risky app access and tightening identity-based controls.

Okta users face rising vishing attacks as ShinyHunters expand real-time MFA phishing, prompting fresh SaaS and identity security warnings.

Shadow AI tool Clawdbot quietly spreads across workplaces, alarming security teams as staff grant it broad access on unmanaged devices.

Experts say AI-driven attacks and rampant data leaks mean organisations must verify outputs, curb collection and harden identity controls.

Criminals are using Kubernetes and cloud-native tools to rapidly scale phishing-as-a-service, targeting Gmail, Facebook and Microsoft O365.

Proofpoint flags a sharp rise in Microsoft 365 account takeovers via device code phishing, hitting firms from finance to government.

Cyber attacks on SaaS platforms are soaring, pushing boards to make AI‑driven security a core strategy as misconfigurations fuel mass breaches.

CData's Connect AI now enables Microsoft Copilot Studio agents to access and act on live data from 350+ enterprise systems, boosting AI-driven business insights.

Google Workspace's native tools struggle to manage unapproved SaaS apps, exposing firms to data risks amid rising shadow IT use.

Barracuda warns of a surge in advanced OAuth phishing attacks exploiting Microsoft 365 and other platforms to steal access tokens and bypass multifactor authentication.

Delinea has launched its open-source MCP Server, enabling secure, policy-driven access for AI agents to manage credentials and workflows efficiently.

SquareX launches two open-source toolkits to help security teams simulate and defend against browser-based attacks that evade traditional enterprise defences.

Okta has launched Cross App Access to enhance enterprise AI security by giving IT teams central control and visibility over AI agent interactions with apps.

Outpost24 reveals seven common OAuth risks and offers best practices to help organisations prevent unauthorised access and data breaches through better token security.

Over 80,000 Microsoft Entra ID accounts have been targeted in the UNK_SneakyStrike takeover campaign exploiting the TeamFiltration penetration testing tool.

Harness unveils IDP 2.0, enhancing developer speed and security with granular RBAC, real-time Git sync, and enterprise-scale usability.

Pax8 launches new AI initiatives, including a research report, learning programme, marketplace upgrades, and rewards to accelerate MSP growth in SMB transformation.

Cloudflare partners with Anthropic to enable secure, real-time AI integrations with SaaS giants like Atlassian, Stripe, and PayPal using its new MCP toolkit.