oauth tokens

Microsoft’s promise to let non‑developers build “digital employees” inside Copilot Studio has collided with a simple, sharp truth: no‑code AI agents that are given broad read/write permissions can be manipulated to do real harm. In a controlled proof‑of‑concept, Tenable’s AI research team showed...

A growing wave of Windows users reported that Microsoft Outlook simply refuses to open on their PCs this week, but a simple, community-sourced workaround — removing two local application folders — has restored access for thousands of affected machines and offers a practical route back to the...

Microsoft Copilot Studio agents can be weaponized to deliver highly convincing OAuth consent phishing that results in stolen tokens and persistent account access — a technique researchers have labelled “CoPhish” that leverages legitimate Microsoft-hosted agent pages to evade traditional...

Borderlands 4 players encountering missing Twitch Drops are not alone — the campaign’s reward delivery frequently stalls when the three-part authentication chain (Twitch ↔ SHiFT ↔ platform account) contains a stale token or an incomplete link. In practice this means users will see a claimed Drop...

Microsoft is heralding a new era for enterprise identity security with the general availability of linkable token identifiers in Entra ID, the latest upgrade to its modern identity platform. This innovation is designed to combat one of the most persistent challenges in cybersecurity: the...

In an age where artificial intelligence is rapidly transforming enterprise workflows, even the most lauded tools are not immune to the complex threat landscape that continues to evolve in parallel. The recent revelation of a root access exploit in Microsoft Copilot—a flagship AI assistant...

In recent months, the cybersecurity landscape has been rocked by a rapidly escalating campaign in which cybercriminals have weaponized TeamFiltration, a penetration testing tool, to orchestrate massive attacks on Office 365 accounts. According to incident data and credible analyses from leading...

Restoring access to Microsoft 365 (M365) desktop applications is an essential aspect for many professional and educational users who rely on productivity tools like Word, Excel, PowerPoint, and Outlook. A significant source of frustration arises when users unexpectedly lose access to these...

If you’ve already started mentally composing your next big idea in Outlook, you might want to hit “Save as Draft” for a moment—there’s a new cyberattack in town, and it’s got your Microsoft 365 credentials written all over it... possibly in Cyrillic. A New Breed of Phishing: Sophisticated Social...

Microsoft Outlook Outage in Canada: What Windows Users Need to Know Microsoft Outlook—an essential tool on many Windows systems—recently experienced yet another service disruption, this time affecting thousands of users across Canada. With this being the second outage within days, IT pros and...

Microsoft 365 Outage: Authentication Token Failure Disrupts Cloud Services A recent outage has sent shockwaves through the Microsoft 365 ecosystem, highlighting both the complexities of cloud infrastructure and the critical role of authentication tokens. On March 3, 2025, users across Canada and...

Original release date: January 8, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to Link Removed...