In many enterprises, Security Assertion Markup Language (SAML) is the glue that holds legacy single sign-on together. It has ...

Agentic AI is a stress test for non-human identity governance. Discover how and why identity, trust, and access control must ...

Cybercriminals are launching a widespread wave of phishing attacks that bypass Multi-Factor Authentication (MFA) by exploiting a standard Microsoft 365 feature. Security researchers at Proofpoint warn ...

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...

The OpenID Foundation says it will open self-certification through its conformance testing platform on February 26, 2026, covering OpenID4VP 1.0, OpenID4VCI 1.0, and the High Assurance ...

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter ...

The OpenID Foundation will soon release conformance testing for three final identity specifications, in what a release calls “a defining moment for global digital identity systems worldwide.” Starting ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

IT managers have limited visibility into when users give external apps access to company data. When those external apps are AI agents, the security risks multiply by orders of magnitude. Okta has ...

A newly identified phishing technique known as “CoPhish” exploits Microsoft Copilot Studio agents to deliver deceptive OAuth consent prompts through legitimate Microsoft domains. Researchers at ...