Cloud security is undergoing a steady transformation as leading platforms face mounting pressure to thwart sophisticated cyber threats. Microsoft’s recent overhaul of high-privilege access within its Microsoft 365 ecosystem marks a watershed moment, signifying an industry-wide pivot to more...
Tags: access control, api security, authentication, cloud compliance, cloud security, cybersecurity best practices, data breach, enterprise security, high privilege access, identity management, legacy authentication, microsoft 365, modern authentication, oauth, privilege, privilege escalation, security incident, security monitoring, threat mitigation, windows security updates
Microsoft’s looming retirement of the Azure AD Graph API is no longer a warning on the horizon—it’s now a fixed endpoint for IT departments, software developers, and the entire Microsoft cloud ecosystem. As of early September 2025, according to Microsoft’s official communications, the legacy API...
Tags: api deprecation, api enhancements, api management, api migration, api transition, azure ad graph, cloud integration, cloud security, enterprise it, enterprise migration, entra id, identity api, identity management, microsoft azure, microsoft cloud, microsoft graph, oauth, security protocols, software security, third-party dependencies
A significant security vulnerability has been identified in Synology's Active Backup for Microsoft 365 (ABM), potentially exposing sensitive data across all Microsoft 365 tenants utilizing this backup solution. This flaw, designated as CVE-2025-4679, was discovered by the security firm ModZero...
Microsoft’s cloud ecosystem continues to underpin enterprise digital transformation—yet the discovery and persistence of the nOAuth vulnerability within Entra-integrated applications shines a harsh light on lingering risks at the intersection of identity management, software-as-a-service, and...
Microsoft Active Directory Federation Services (AD FS) has been a cornerstone for organizations seeking to provide single sign-on (SSO) and secure access to a range of web applications—both on-premises and in the cloud. With the explosion of SaaS adoption, the importance of strong authentication...
A critical authentication flaw within Microsoft’s Entra ID ecosystem continues to threaten tens of thousands of enterprise applications worldwide, illustrating a profound challenge for the current state of SaaS security two years after its discovery. The vulnerability, dubbed “nOAuth,” first...
Microsoft is set to implement significant security enhancements within its Microsoft 365 suite by blocking various legacy authentication protocols starting mid-July 2025. This initiative is part of the company's Secure Future Initiative (SFI) and Secure by Default strategy, aiming to bolster the...
Microsoft is drawing a definitive line under the era of legacy authentication protocols in Microsoft 365, setting the stage for a monumental shift in security posture across its cloud ecosystem. Starting from mid-July 2025, Microsoft will begin enforcing new default settings that block legacy...
Microsoft has announced a significant update regarding the deprecation of Basic Authentication (Basic Auth) for Exchange Online's Client Submission (SMTP AUTH). Originally slated for permanent removal in September 2025, the timeline has been extended to begin on March 1, 2026, with complete...
A new chapter in the ongoing battle for cloud security unfolded recently, as researchers disclosed a brazen and remarkably methodical campaign that has compromised over 80,000 user accounts spanning hundreds of organizations. The abuse of penetration testing tools—originally intended as shields...
Microsoft has announced significant changes to its High Volume Email (HVE) service within Microsoft 365, extending support for Basic Authentication until September 2028. This extension aims to provide organizations with additional time to transition to more secure authentication methods, such as...
For many enterprise IT leaders, the intersection of security and high-volume email workflows within Microsoft 365 represents a challenging balancing act. On one hand, organizations demand robust communications infrastructure for both internal and external use. On the other, the growing threat...
Tags: authentication, azure communication services, basic auth extension, bulk email, business messaging, cloud ecosystem, cloud security, corporate communication, email governance, email infrastructure, email limits, email migration, email scalability, email security, email workflows, enterprise communication, enterprise it, external email restrictions, governance and compliance, high volume email, hve, hybrid work, it compliance, messaging, microsoft 365, microsoft roadmap, microsoft security, migration, modern authentication, oauth, security, threat mitigation, workflow automation
Microsoft’s recent announcement regarding significant changes to High Volume Email (HVE) within the Microsoft 365 ecosystem has sent ripples through the IT community, especially among organizations that rely heavily on email automation for communication both internally and externally. This newly...
Microsoft has recently announced significant changes to its High Volume Email (HVE) service within Microsoft 365, alongside an extension of support for Basic Authentication until September 2028. These updates are designed to provide organizations with additional time to transition to more secure...
Tags: acs, authentication, authentication extension, azure communication services, email best practices, email compliance, email management, email security, email service, email transition, enterprise communication, high volume email, hve, microsoft 365, microsoft 365 changes, modern authentication, oauth, security, windows update
Microsoft is continuing its evolution of cloud-based identity management with the unveiling of OpenID Connect (OIDC) identity provider support for Entra External ID—a move poised to fundamentally reshape the way organizations blend security, scalability, and user experience in authentication...
Tags: azure ad, ciam, cloud identity, collaboration, digital transformation, entra id, external identity providers, federated authentication, identity federation, identity management, identity security, identity standards, microsoft, microsoft cloud, oauth, openid connect, security best practices, single sign-on, user experience, user onboarding
In recent weeks, Microsoft 365 users have found themselves in the crosshairs of a sophisticated business email compromise (BEC) campaign that exploits the cloud service’s very reputation for trust and reliability. Rather than launching the usual barrage of phishing emails filled with tyrannical...
Outlook.com users expecting seamless access to their email via Apple Mail on iOS devices have been facing an enduring challenge for over a week, a rare but stark reminder of the reliance placed on interconnected software ecosystems. This persistent disruption has cast a spotlight on the...
If you’ve already started mentally composing your next big idea in Outlook, you might want to hit “Save as Draft” for a moment—there’s a new cyberattack in town, and it’s got your Microsoft 365 credentials written all over it... possibly in Cyrillic.
A New Breed of Phishing: Sophisticated Social...
Russian hackers have figured out a way to weaponize OAuth 2.0 authentication—yes, that protocol you trusted implicitly last Tuesday when you breezed through another Microsoft 365 login screen—turning what should be a knight in shining armor into a digital Trojan horse galloping straight through...
There’s a certain poetic irony in the fact that OAuth 2.0—a framework specifically engineered to keep our digital lives safe from password theft—is now being bent and twisted by Russian hackers to hijack entire Microsoft 365 accounts. If that isn’t progress in the field of offensive...