Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Security Boulevard

Vercel Breach: How a Roblox Cheat Download Led to a $2M Data Heist Through AI Tool OAuth Abuse

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...
Security Boulevard

SAML vs OIDC vs OAuth 2.0: 12 Differences Every B2B Engineering Team Should Know

Choosing between SAML, OIDC, and OAuth 2.0? Explore 12 critical differences to help your B2B engineering team select the right authentication protocol today.
The Hacker News

Toxic Combinations: When Cross-App Permissions Stack into Risk

Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single ...
Threat Post

Twitter OAuth API Keys Leaked

The OAuth keys and secrets that official Twitter applications use to access users’ Twitter accounts have been leaked in a post to Github this morning. The OAuth keys and secrets that official Twitter ...
Decrypt

Free Qwen Is Dead: Alibaba Shuts Down Qwen Code Free Tier

Alibaba shut down Qwen Code's free tier today, following a license bait-and-switch from fellow Chinese company MiniMax.

Google Ads API to require multi-factor authentication

Google’s new MFA requirement for the Ads API strengthens security but may require advertisers to adjust authentication ...
secureidnews.com

OAuth 2.0: Enabling identity for the cloud, mobile

Digital identity is becoming increasingly important as enterprises strive to protect and control access to online resources. A series of maturing standards is helping make identity management and ...
Morningstar

HTTP Got TLS. APIs Got OAuth. MCP Got Nothing. Permit.io Launches the Gateway to Fix That.

HTTP Got TLS. APIs Got OAuth. MCP Got Nothing. Permit.io Launches the Gateway to Fix That. AI agents are calling enterprise tools in production today with no fine-grained authorization, no delegation ...