A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Tl;dr: If you manage even one Microsoft 365 tenant, it’s time to audit your OAuth apps. Statistically speaking, there’s a strong chance a malicious app is lurking in your environment. Seriously, go ...

Build a new Spring Boot application that integrates OAuth2 login with GitHub and Google and exposes a minimal user profile module with traditional form-based updates.

The August 2025 Salesloft Drift breach demonstrates a systemic security blind spot across all industries: third-party delegated access through OAuth integrations. Over 700 organizations — including ...

Google Threat Intelligence Group (GTIG) warns that attackers are stealing OAuth tokens via Salesloft Drift integrations in a massive Salesforce data theft. Alphabet’s GTIG and Mandiant attributed the ...

OAuth 2.1 is the officially mandated authorization standard in the Model Context Protocol (MCP) specifications. According to the official documentation, authorization servers must implement OAuth 2.1 ...

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...

A developer reported the scam after noticing a slight discrepancy in the email address. The scam passed Google’s own DKIM checks. One of the oldest signs of a scam email is an incorrect domain.

We may receive a commission on purchases made from links. It's funny how, on the one hand, you can't wait for the spring to fox-trot in and relieve you from the wintry drab. But once it does, the ...